An authorization bypass through user-controlled key [CWE...
Moderate severity
Unreviewed
Published
Oct 10, 2023
to the GitHub Advisory Database
•
Updated Dec 29, 2023
Description
Published by the National Vulnerability Database
Oct 10, 2023
Published to the GitHub Advisory Database
Oct 10, 2023
Last updated
Dec 29, 2023
An authorization bypass through user-controlled key [CWE-639] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 allows a remote attacker with low privileges to read sensitive information via crafted HTTP requests.
References