LTS Patches

We only release patches for Long Time Support (LTS) versions, except for some particular cases where we do so for Regular Rolling Release (RRR) versions. Security patches are developed as soon as possible after the vulnerability is detected.

Patches for LTS versions usually include critical-bug troubleshooting and solutions to security problems.

Bugs Fixed

Case# GitLab# Description

N/A

12592

Fixed Integria IMS integration (Pandora ITSM) at user level with Pandora FMS in its corresponding settings section.

N/A

12768

Fixed: If a user with reading permissions (in this case the Operator read profile) does not belong to a group they will not be able to see the inventory of an agent belonging to that group.

N/A

12775

  • Related: 11589 and 12382

Fixed report export in XML format.

Fixed vulnerabilities

Case# GitLab# Description

CVE-2023-41814 Thanks to Gabriel Weitzel.

12043

Fixed the insertion of JavaScript code (possible XSS) in Pandora FMS notification system messages.

CVE-2023-41815 Thanks to Osama Yousef.

12121

Fixed XSS code insertion for directory names in the File manager of PFMS Web Console.

CVE-2023-44088 Thanks to Osama Yousef.

12122

Fixed SQL and/or JS code insertion for the file name of an image in the option for uploading an image as background when creating a new PFMS visual console.

CVE-2023-44089 Thanks to Osama Yousef.

12123

Fixed JavaScript code insertion in the name of a visual console when creating it (menu Topology maps → Visual console → visual console list).

CVE-2023-44092 Thanks to Aleksey Solovev.

12753

Fixed and prevented the possibility of an attack by operating system command insertion in PFMS event responses.