Nagios Log Server versions prior to 2024R1 contain an incorrect authorization vulnerability. Users who lacked the required API permission were nevertheless able to invoke API endpoints, resulting in unintended access to data and actions exposed via the API. This incorrect authorization check could allow authenticated but non-privileged users to read or modify resources beyond their intended rights.
oryginał ENCVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XNagios Log Server
APPNagios< 2024
Powiązane podatności
Nagios Log Server: uruchamianie Logstash z uprawnieniami root (privilege escalation)
RCE w Nagios Log Server — code injection przez malformed dashboard ID
Nagios Log Server: ujawnienie kluczy API w postaci jawnej przez authenticated użytkownika
Nagios Log Server versions prior to 2026R1.0.1 are vulnerable to local privilege escalation due to a combinati...
Nagios Log Server versions prior to 2026R1.0.1 contain an authenticated command injection vulnerability in the...