IDOR on download logs feature

IDOR on download logs feature Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-23-204 Final 1 1 2024-09-10T00:00:00 Current version 2024-09-10T00:00:00 2024-09-10T00:00:00 An authorization bypass through user-controlled key [CWE-639] vulnerability in FortiAnalyzer & FortiManager may allow a remote attacker with low privileges to read sensitive data via a crafted HTTP request. None Information disclosure FortiManager 7.6 all versions are not affectedFortiManager version 7.4.0FortiManager version 7.2.0 through 7.2.4FortiManager 7.0 all versionsFortiManager 6.4 all versionsFortiManager 6.2 all versionsFortiAnalyzer-BigData 7.4 all versions are not affectedFortiAnalyzer-BigData version 7.2.0 through 7.2.5FortiAnalyzer 7.6 all versions are not affectedFortiAnalyzer version 7.4.0FortiAnalyzer version 7.2.0 through 7.2.4FortiAnalyzer 7.0 all versionsFortiAnalyzer 6.4 all versionsFortiAnalyzer 6.2 all versions Please upgrade to FortiAnalyzer version 7.4.1 or abovePlease upgrade to FortiAnalyzer version 7.2.5 or abovePlease upgrade to FortiManager version 7.4.1 or abovePlease upgrade to FortiManager version 7.2.5 or abovePlease upgrade to FortiAnalyzer-BigData version 7.4.0 or abovePlease upgrade to FortiAnalyzer-BigData version 7.2.6 or above https://fortiguard.fortinet.com/psirt/FG-IR-23-204 IDOR on download logs feature https://github.com/orangecertcc/security-research/security/advisories/GHSA-3xr4-2rgh-m245 https://github.com/orangecertcc/security-research/security/advisories/GHSA-3xr4-2rgh-m245 Fortinet is pleased to thank security researchers Mickael Dorigny at Orange Cyberdéfense, Frédéric Prevost, François-Xavier Picard and Orange CERT-CC at Orange group for discovering and reporting this vulnerability under responsible disclosure. FortiAnalyzer 7.4.0 FortiAnalyzer 7.2.4 FortiAnalyzer 7.2.3 FortiAnalyzer 7.2.2 FortiAnalyzer 7.2.1 FortiAnalyzer 7.2.0 FortiAnalyzer 7.0.16 FortiAnalyzer 7.0.15 FortiAnalyzer 7.0.14 FortiAnalyzer 7.0.13 FortiAnalyzer 7.0.12 FortiAnalyzer 7.0.11 FortiAnalyzer 7.0.10 FortiAnalyzer 7.0.9 FortiAnalyzer 7.0.8 FortiAnalyzer 7.0.7 FortiAnalyzer 7.0.6 FortiAnalyzer 7.0.5 FortiAnalyzer 7.0.4 FortiAnalyzer 7.0.3 FortiAnalyzer 7.0.2 FortiAnalyzer 7.0.1 FortiAnalyzer 7.0.0 FortiAnalyzer 6.4.15 FortiAnalyzer 6.4.14 FortiAnalyzer 6.4.13 FortiAnalyzer 6.4.12 FortiAnalyzer 6.4.11 FortiAnalyzer 6.4.10 FortiAnalyzer 6.4.9 FortiAnalyzer 6.4.8 FortiAnalyzer 6.4.7 FortiAnalyzer 6.4.6 FortiAnalyzer 6.4.5 FortiAnalyzer 6.4.4 FortiAnalyzer 6.4.3 FortiAnalyzer 6.4.2 FortiAnalyzer 6.4.1 FortiAnalyzer 6.4.0 FortiAnalyzer 6.2.13 FortiAnalyzer 6.2.12 FortiAnalyzer 6.2.11 FortiAnalyzer 6.2.10 FortiAnalyzer 6.2.9 FortiAnalyzer 6.2.8 FortiAnalyzer 6.2.7 FortiAnalyzer 6.2.6 FortiAnalyzer 6.2.5 FortiAnalyzer 6.2.4 FortiAnalyzer 6.2.3 FortiAnalyzer 6.2.2 FortiAnalyzer 6.2.1 FortiAnalyzer 6.2.0 FortiAnalyzer-BigData 7.2.5 FortiAnalyzer-BigData 7.2.4 FortiAnalyzer-BigData 7.2.3 FortiAnalyzer-BigData 7.2.2 FortiAnalyzer-BigData 7.2.1 FortiAnalyzer-BigData 7.2.0 FortiManager 7.4.0 FortiManager 7.2.4 FortiManager 7.2.3 FortiManager 7.2.2 FortiManager 7.2.1 FortiManager 7.2.0 FortiManager 7.0.16 FortiManager 7.0.15 FortiManager 7.0.14 FortiManager 7.0.13 FortiManager 7.0.12 FortiManager 7.0.11 FortiManager 7.0.10 FortiManager 7.0.9 FortiManager 7.0.8 FortiManager 7.0.7 FortiManager 7.0.6 FortiManager 7.0.5 FortiManager 7.0.4 FortiManager 7.0.3 FortiManager 7.0.2 FortiManager 7.0.1 FortiManager 7.0.0 FortiManager 6.4.15 FortiManager 6.4.14 FortiManager 6.4.13 FortiManager 6.4.12 FortiManager 6.4.11 FortiManager 6.4.10 FortiManager 6.4.9 FortiManager 6.4.8 FortiManager 6.4.7 FortiManager 6.4.6 FortiManager 6.4.5 FortiManager 6.4.4 FortiManager 6.4.3 FortiManager 6.4.2 FortiManager 6.4.1 FortiManager 6.4.0 FortiManager 6.2.13 FortiManager 6.2.12 FortiManager 6.2.11 FortiManager 6.2.10 FortiManager 6.2.9 FortiManager 6.2.8 FortiManager 6.2.7 FortiManager 6.2.6 FortiManager 6.2.5 FortiManager 6.2.4 FortiManager 6.2.3 FortiManager 6.2.2 FortiManager 6.2.1 FortiManager 6.2.0 IDOR on download logs feature CVE-2023-44254 FortiAnalyzer-7.4.0 FortiAnalyzer-7.2.4 FortiAnalyzer-7.2.3 FortiAnalyzer-7.2.2 FortiAnalyzer-7.2.1 FortiAnalyzer-7.2.0 FortiAnalyzer-7.0.16 FortiAnalyzer-7.0.15 FortiAnalyzer-7.0.14 FortiAnalyzer-7.0.13 FortiAnalyzer-7.0.12 FortiAnalyzer-7.0.11 FortiAnalyzer-7.0.10 FortiAnalyzer-7.0.9 FortiAnalyzer-7.0.8 FortiAnalyzer-7.0.7 FortiAnalyzer-7.0.6 FortiAnalyzer-7.0.5 FortiAnalyzer-7.0.4 FortiAnalyzer-7.0.3 FortiAnalyzer-7.0.2 FortiAnalyzer-7.0.1 FortiAnalyzer-7.0.0 FortiAnalyzer-6.4.15 FortiAnalyzer-6.4.14 FortiAnalyzer-6.4.13 FortiAnalyzer-6.4.12 FortiAnalyzer-6.4.11 FortiAnalyzer-6.4.10 FortiAnalyzer-6.4.9 FortiAnalyzer-6.4.8 FortiAnalyzer-6.4.7 FortiAnalyzer-6.4.6 FortiAnalyzer-6.4.5 FortiAnalyzer-6.4.4 FortiAnalyzer-6.4.3 FortiAnalyzer-6.4.2 FortiAnalyzer-6.4.1 FortiAnalyzer-6.4.0 FortiAnalyzer-6.2.13 FortiAnalyzer-6.2.12 FortiAnalyzer-6.2.11 FortiAnalyzer-6.2.10 FortiAnalyzer-6.2.9 FortiAnalyzer-6.2.8 FortiAnalyzer-6.2.7 FortiAnalyzer-6.2.6 FortiAnalyzer-6.2.5 FortiAnalyzer-6.2.4 FortiAnalyzer-6.2.3 FortiAnalyzer-6.2.2 FortiAnalyzer-6.2.1 FortiAnalyzer-6.2.0 FortiAnalyzer-BigData-7.2.5 FortiAnalyzer-BigData-7.2.4 FortiAnalyzer-BigData-7.2.3 FortiAnalyzer-BigData-7.2.2 FortiAnalyzer-BigData-7.2.1 FortiAnalyzer-BigData-7.2.0 FortiManager-7.4.0 FortiManager-7.2.4 FortiManager-7.2.3 FortiManager-7.2.2 FortiManager-7.2.1 FortiManager-7.2.0 FortiManager-7.0.16 FortiManager-7.0.15 FortiManager-7.0.14 FortiManager-7.0.13 FortiManager-7.0.12 FortiManager-7.0.11 FortiManager-7.0.10 FortiManager-7.0.9 FortiManager-7.0.8 FortiManager-7.0.7 FortiManager-7.0.6 FortiManager-7.0.5 FortiManager-7.0.4 FortiManager-7.0.3 FortiManager-7.0.2 FortiManager-7.0.1 FortiManager-7.0.0 FortiManager-6.4.15 FortiManager-6.4.14 FortiManager-6.4.13 FortiManager-6.4.12 FortiManager-6.4.11 FortiManager-6.4.10 FortiManager-6.4.9 FortiManager-6.4.8 FortiManager-6.4.7 FortiManager-6.4.6 FortiManager-6.4.5 FortiManager-6.4.4 FortiManager-6.4.3 FortiManager-6.4.2 FortiManager-6.4.1 FortiManager-6.4.0 FortiManager-6.2.13 FortiManager-6.2.12 FortiManager-6.2.11 FortiManager-6.2.10 FortiManager-6.2.9 FortiManager-6.2.8 FortiManager-6.2.7 FortiManager-6.2.6 FortiManager-6.2.5 FortiManager-6.2.4 FortiManager-6.2.3 FortiManager-6.2.2 FortiManager-6.2.1 FortiManager-6.2.0 4.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:P/RL:X/RC:X https://fortiguard.fortinet.com/psirt/FG-IR-23-204 IDOR on download logs feature Reference> https://github.com/orangecertcc/security-research/security/advisories/GHSA-3xr4-2rgh-m245 https://github.com/orangecertcc/security-research/security/advisories/GHSA-3xr4-2rgh-m245