Unauthenticated access to static files containing logging information

Unauthenticated access to static files containing logging information Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-22-364 Final 1 1 2023-03-07T00:00:00 Current version 2023-03-07T00:00:00 2023-03-07T00:00:00 An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiOS and FortiProxy administrative interface may allow an unauthenticated attacker to obtain sensitive logging information on the device via crafted HTTP or HTTPs GET requests. None Improper access control FortiProxy version 7.2.0 through 7.2.2FortiProxy version 7.0.0 through 7.0.8FortiProxy 2.0 all versions are not affectedFortiProxy 1.2 all versions are not affectedFortiProxy 1.1 all versions are not affectedFortiOS version 7.2.0 through 7.2.3FortiOS version 7.0.0 through 7.0.9FortiOS version 6.4.0 through 6.4.11FortiOS version 6.2.3 through 6.2.17 Please upgrade to FortiProxy version 7.2.3 or abovePlease upgrade to FortiProxy version 7.0.9 or abovePlease upgrade to FortiOS version 7.2.4 or abovePlease upgrade to FortiOS version 7.0.10 or abovePlease upgrade to FortiOS version 6.4.12 or above Internally discovered and reported by Théo Leleu of Fortinet Product Security team. FortiOS 7.2.3 FortiOS 7.2.2 FortiOS 7.2.1 FortiOS 7.2.0 FortiOS 7.0.9 FortiOS 7.0.8 FortiOS 7.0.7 FortiOS 7.0.6 FortiOS 7.0.5 FortiOS 7.0.4 FortiOS 7.0.3 FortiOS 7.0.2 FortiOS 7.0.1 FortiOS 7.0.0 FortiOS 6.4.11 FortiOS 6.4.10 FortiOS 6.4.9 FortiOS 6.4.8 FortiOS 6.4.7 FortiOS 6.4.6 FortiOS 6.4.5 FortiOS 6.4.4 FortiOS 6.4.3 FortiOS 6.4.2 FortiOS 6.4.1 FortiOS 6.4.0 FortiOS 6.2.17 FortiOS 6.2.16 FortiOS 6.2.15 FortiOS 6.2.14 FortiOS 6.2.13 FortiOS 6.2.12 FortiOS 6.2.11 FortiOS 6.2.10 FortiOS 6.2.9 FortiOS 6.2.8 FortiOS 6.2.7 FortiOS 6.2.6 FortiOS 6.2.5 FortiOS 6.2.4 FortiOS 6.2.3 FortiProxy 7.2.2 FortiProxy 7.2.1 FortiProxy 7.2.0 FortiProxy 7.0.8 FortiProxy 7.0.7 FortiProxy 7.0.6 FortiProxy 7.0.5 FortiProxy 7.0.4 FortiProxy 7.0.3 FortiProxy 7.0.2 FortiProxy 7.0.1 FortiProxy 7.0.0 Unauthenticated access to static files containing logging information CVE-2022-41329 FortiOS-7.2.3 FortiOS-7.2.2 FortiOS-7.2.1 FortiOS-7.2.0 FortiOS-7.0.9 FortiOS-7.0.8 FortiOS-7.0.7 FortiOS-7.0.6 FortiOS-7.0.5 FortiOS-7.0.4 FortiOS-7.0.3 FortiOS-7.0.2 FortiOS-7.0.1 FortiOS-7.0.0 FortiOS-6.4.11 FortiOS-6.4.10 FortiOS-6.4.9 FortiOS-6.4.8 FortiOS-6.4.7 FortiOS-6.4.6 FortiOS-6.4.5 FortiOS-6.4.4 FortiOS-6.4.3 FortiOS-6.4.2 FortiOS-6.4.1 FortiOS-6.4.0 FortiOS-6.2.17 FortiOS-6.2.16 FortiOS-6.2.15 FortiOS-6.2.14 FortiOS-6.2.13 FortiOS-6.2.12 FortiOS-6.2.11 FortiOS-6.2.10 FortiOS-6.2.9 FortiOS-6.2.8 FortiOS-6.2.7 FortiOS-6.2.6 FortiOS-6.2.5 FortiOS-6.2.4 FortiOS-6.2.3 FortiProxy-7.2.2 FortiProxy-7.2.1 FortiProxy-7.2.0 FortiProxy-7.0.8 FortiProxy-7.0.7 FortiProxy-7.0.6 FortiProxy-7.0.5 FortiProxy-7.0.4 FortiProxy-7.0.3 FortiProxy-7.0.2 FortiProxy-7.0.1 FortiProxy-7.0.0 5.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:F/RL:X/RC:C https://fortiguard.fortinet.com/psirt/FG-IR-22-364 Unauthenticated access to static files containing logging information Reference>