CVE-2023-34096

Name of the Vulnerable Software and Affected Versions Thruk versions 3.06 and prior

Description The issue concerns a Path Traversal vulnerability in the panorama.pm file, which allows an attacker to upload a file to any folder with write permissions on the affected system. The location parameter is not filtered, validated, or sanitized, accepting any characters. For a path traversal attack, only the dot (.) and the slash (/) characters are required.

Recommendations For Thruk versions 3.06 and prior, update to version 3.06.2 to resolve the issue. As a temporary workaround, consider restricting access to the panorama.pm file until a patch is applied.