CVE-2023-24515 - Server-Side Request Forgery (SSRF) vulnerability in Pandorafms Pandora FMS

CVSS 6.5 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: NONE
Availability impact: NONE
Tags: network, low complexity, pandorafms, CWE-918

Summary

Server-Side Request Forgery (SSRF) vulnerability in the API checker of Pandora FMS. The application does not check the URL scheme used when retrieving the API URL. Rather than restricting the scheme to http/https, the application allows other schemes such as file, which could allow a malicious user to fetch internal file content. This issue affects Pandora FMS version v767 and prior versions on all platforms.
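The missing check described in the summary, sketched as a scheme allowlist applied before any fetch. This is an added example in Python, not Pandora FMS code; the function names, the `RejectedURL` exception and the sample URLs are hypothetical and constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the checker only ever needs to reach web APIs.
ALLOWED_SCHEMES = frozenset({"http", "https"})


class RejectedURL(ValueError):
    """A user-supplied API URL failed validation."""


def validate_api_url(raw: str) -> str:
    """Return the URL with a normalized scheme, or raise RejectedURL."""
    # Reject whitespace/control bytes up front: URL parsers differ on whether
    # they strip them, so "\tfile:///x" must never reach the fetcher.
    if not raw or any(ord(c) <= 0x20 or ord(c) == 0x7F for c in raw):
        raise RejectedURL("empty URL or whitespace/control characters")
    try:
        parts = urlsplit(raw)
        host = parts.hostname
    except ValueError as exc:  # e.g. malformed IPv6 literal
        raise RejectedURL(str(exc)) from exc
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:  # allowlist, not a blocklist of "file"
        raise RejectedURL(f"scheme {scheme!r} is not allowed")
    if not host:  # "http:///etc/hostname" parses with an empty host
        raise RejectedURL("URL has no host")
    return parts.geturl()


def is_allowed(raw: str) -> bool:
    """True if validate_api_url accepts the URL."""
    try:
        validate_api_url(raw)
        return True
    except RejectedURL:
        return False


# Constructed sample inputs, not taken from the advisory.
SAMPLES = [
    "https://monitor.example/api/v1/status",
    "file:///etc/hostname",
    "FILE:///etc/hostname",
    "gopher://127.0.0.1:70/x",
    "//monitor.example/api",
    "http:///etc/hostname",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{'allow' if is_allowed(url) else 'deny ':5}  {url}")
```

The same allowlist has to be enforced by the HTTP client on every redirect target, since a validated http URL can otherwise redirect to a scheme the check rejected.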

Vulnerable Configurations

Part         Description  Count
Application  Pandorafms   55

Common Weakness Enumeration (CWE)