CVE-2024-35308

Name of the Vulnerable Software and Affected Versions Pandora FMS versions 700 through 777.3

Description A post-authentication arbitrary file read issue exists within the server plugins section in the plugin edition feature. This allows for unauthorized access to files on the server.

Recommendations For versions 700 through 777.3, as a temporary workaround, consider restricting access to the plugin edition feature until a patch is available. Additionally, limit the permissions of the server plugins section to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.