Nagios: Security Vulnerabilities
Nagios Log Server before 2.1.9 contains Reflected XSS in the dropdown box for the alert history and audit log function. All parameters used for filtering are affected. This affects users who open a crafted link or third-party web page.
CVSS Score: 5.4, EPSS Score: 0.476, Published: 2021-07-30
Nagios Log Server before 2.1.9 contains Stored XSS in the custom column view for the alert history and audit log function through the affected pp parameter. This affects users who open a crafted link or third-party web page.
CVSS Score: 5.4, EPSS Score: 0.48, Published: 2021-07-30
Nagios XI 5.7.5 and earlier allows authenticated admins to upload arbitrary files due to improper validation of the rename functionality in the custom-includes component, which leads to remote code execution by uploading PHP files.
CVSS Score: 7.2, EPSS Score: 0.352, Published: 2021-06-07
Incorrect File Permissions in Nagios XI 5.7.5 and earlier and Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to root. Low-privileged users are able to modify files that are included (aka sourced) by scripts executed by root.
CVSS Score: 8.8, EPSS Score: 0.009, Published: 2021-05-24
Incorrect SSL certificate validation in Nagios Fusion 4.1.8 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to download of an untrusted update package in upgrade_to_latest.sh.
CVSS Score: 9.8, EPSS Score: 0.006, Published: 2021-05-24
Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to nagios.
CVSS Score: 9.8, EPSS Score: 0.333, Published: 2021-05-24
Incorrect File Permissions in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to root via modification of scripts. Low-privileged users are able to modify files that can be executed by sudo.
CVSS Score: 8.8, EPSS Score: 0.01, Published: 2021-05-24
Creation of a Temporary Directory with Insecure Permissions in Nagios XI 5.7.5 and earlier allows for Privilege Escalation via creation of symlinks, which are mishandled in getprofile.sh.
CVSS Score: 9.8, EPSS Score: 0.005, Published: 2021-05-24
Incorrect Access Control in Nagios Fusion 4.1.8 and earlier allows low-privileged authenticated users to extract passwords used to manage fused servers via the test_server command in ajaxhelper.php.
CVSS Score: 6.5, EPSS Score: 0.214, Published: 2021-05-24
Insufficient Verification of Data Authenticity in Nagios Fusion 4.1.8 and earlier and Nagios XI 5.7.5 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to an untrusted update package to upgrade_to_latest.sh.
CVSS Score: 9.8, EPSS Score: 0.008, Published: 2021-05-24


Shodan ® - All rights reserved