CVE-2023-40315

CVSS 3.1 Score 8.0 of 10 (high)

Details

Published Aug 17, 2023

Updated: Aug 23, 2023

Summary

CVE-2023-40315 is a vulnerability affecting OpenMNS Horizon versions 31.0.8 and older, as well as related Meridian versions. This issue allows any user with the ROLE_FILESYSTEM_EDITOR to escalate their privileges to ROLE_ADMIN or any other role. This security flaw poses a significant risk, as it can be exploited even within an organization's private networks. To mitigate this vulnerability, it is recommended to upgrade to Meridian 2023.1.5 or Horizon 32.0.2 or newer. OpenNMS acknowledges the report of this issue by Erik Wynter.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

OpenNMS Horizon

Affected Vendors

Opennms

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sV2Wet
https://www.cve.org/CVERecord?id=CVE-2023-40315
https://nvd.nist.gov/vuln/detail/CVE-2023-40315

Back to Vulnerability Database