CVE-2023-24515

Name of the Vulnerable Software and Affected Versions Pandora FMS versions prior to v767

Description The issue is related to a Server-Side Request Forgery (SSRF) vulnerability in the API checker of Pandora FMS. The application does not validate the URL scheme used while retrieving the API URL, allowing schemes other than http/https, such as file, which could enable a malicious user to fetch internal file content.

Recommendations For versions prior to v767, update to a version that includes the fix for this issue to prevent exploitation. As a temporary workaround, consider restricting the API checker to only allow http/https schemes to minimize the risk of internal file content exposure.