PT-2023-28777 · Proxmox · Proxmox Mail Gateway, Proxmox Backup Server, Proxmox VE
Cory Cline · Published 2023-09-27 · Updated 2024-10-29
CVE-2023-43320
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Proxmox VE versions 5.4 through 8.0
Proxmox Backup Server versions 1.1 through 3.0
Proxmox Mail Gateway versions 7.1 through 8.0
Description
An issue in Proxmox products allows a remote authenticated attacker to escalate privileges by bypassing the two-factor authentication component.
Recommendations
For Proxmox VE versions 5.4 through 8.0, update to a version that includes a fix for this issue.
For Proxmox Backup Server versions 1.1 through 3.0, update to a version that includes a fix for this issue.
For Proxmox Mail Gateway versions 7.1 through 8.0, update to a version that includes a fix for this issue.
As a temporary workaround, consider disabling the two-factor authentication bypass component until a patch is available.
Affected Products
Proxmox Backup Server
Proxmox Mail Gateway
Proxmox VE