CVE-2022-41329: Fortiguard

An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.7, and FortiOS version 7.2.0 through 7.2.3 and 7.0.0 through 7.0.9, allows an unauthenticated attacker to obtain sensitive logging information on the device via crafted HTTP GET requests.

**PSIRT Advisories**

FortiOS / FortiProxy - Unauthenticated access to static files containing logging information

Summary

An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiOS and FortiProxy may allow an unauthenticated attacker to obtain sensitive logging information on the device via crafted HTTP GET requests.

Affected Products

FortiProxy version 7.2.0 through 7.2.2
FortiProxy version 7.0.0 through 7.0.8
FortiOS version 7.2.0 through 7.2.3
FortiOS version 7.0.0 through 7.0.9
FortiOS version 6.4.0 through 6.4.11
FortiOS version 6.2.3 and above

Solutions

Please upgrade to FortiProxy version 7.2.2 or above
Please upgrade to FortiProxy version 7.0.8 or above
Please upgrade to FortiOS version 7.2.4 or above
Please upgrade to FortiOS version 7.0.10 or above
Please upgrade to FortiOS version 6.4.11 or above

Acknowledgement

Internally discovered and reported by Théo Leleu of Fortinet Product Security team.
