PT-2022-17776 · Unknown · Pandora Fms

Published: 2022-08-01 · Updated: 2022-08-05 · CVE-2022-26308

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Pandora FMS versions 7.0NG.760 and below

Description

Improper access control in Configuration (Credential store) allows a user with the role of Operator (Write) to create, delete, and view existing keys, which is outside the intended role.

Recommendations

For Pandora FMS versions 7.0NG.760 and below, consider restricting the role of Operator (Write) to prevent unauthorized access to the Credential store until a patch is available. As a temporary workaround, limit the permissions of users with the Operator (Write) role to minimize the risk of exploitation.

Fix

Weakness Enumeration: Improper Access Control

Related Identifiers: CVE-2022-26308

Affected Products: Pandora Fms