PT-2022-17779 · Unknown · Pandora Fms

Published: 2022-08-01 · Updated: 2022-08-05 · CVE-2022-26310

CVSS v3.1: 7.3 (High)

Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions: Pandora FMS versions 7.0NG.760 and below

Description: The issue is an improper authorization flaw in User Management, where any authenticated user with access to the User Management module could create, modify, or delete any user with full admin privilege. This could lead to vertical privilege escalation, giving access to the privileges of a higher-level user, typically an admin user.

Recommendations: For Pandora FMS versions 7.0NG.760 and below, consider restricting access to the User Management module to prevent unauthorized modifications to user privileges until a fix is available. As a temporary workaround, limit the capabilities of users with access to the User Management module to minimize the risk of exploitation.

Fix

Weakness Enumeration: Improper Authorization

Related Identifiers: CVE-2022-26310

Affected Products: Pandora Fms