Vulnerabilities > CVE-2023-26560 - Unspecified vulnerability in Northern.Tech Cfengine

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

northern-tech

NVD

Published: 2023-04-26

Updated: 2023-05-08

Summary

Northern.tech CFEngine Enterprise before 3.21.1 allows a subset of authenticated users to leverage the Scheduled Reports feature to read arbitrary files and potentially discover credentials.

Vulnerable Configurations

Part	Description	Count
Application	Northern.Tech Northern.Tech Cfengine 3.6.0 Northern.Tech Cfengine 3.7 Northern.Tech Cfengine 3.10.7 Northern.Tech Cfengine 3.12.1 Northern.Tech Cfengine 3.12.2 Northern.Tech Cfengine 3.12.3 Northern.Tech Cfengine 3.15.0 Northern.Tech Cfengine 3.15.2 Northern.Tech Cfengine 3.15.3 Northern.Tech Cfengine 3.15.4 Northern.Tech Cfengine 3.15.5 Northern.Tech Cfengine 3.16.0 Northern.Tech Cfengine 3.17.0 Northern.Tech Cfengine 3.18.0 Northern.Tech Cfengine 3.18.1	15

Summary

Vulnerable Configurations

References