CVE-2023-26560

Name
CVE-2023-26560
Description
Northern.tech CFEngine Enterprise before 3.21.1 allows a subset of authenticated users to leverage the Scheduled Reports feature to read arbitrary files and potentially discover credentials.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://northern.tech
MISC https://cfengine.com/blog/2023/cve-2023-26560/

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:northern.tech:cfengine:*:*:*:*:enterprise:*:*:* cfengine >= 3.6.0 < 3.21.1

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
cfengine 3.18-community 3.20.0-r1 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable