PT-2023-20729 · Northern.Tech · Cfengine Enterprise
Ole Herman Elgesem
·
Published
2023-04-25
·
Updated
2024-06-27
·
CVE-2023-26560
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Northern.tech CFEngine Enterprise versions prior to 3.21.1
Description
The issue allows a subset of authenticated users to leverage the Scheduled Reports feature to read arbitrary files and potentially discover credentials.
Recommendations
For versions prior to 3.21.1, update to version 3.21.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Scheduled Reports feature until a patch is available.
Fix
Side Channel Attack
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cfengine Enterprise