CVE-2018-18245

Опубликовано: 17 дек. 2018

Источник: debian

EPSS Низкий

Описание

Nagios Core 4.4.2 has XSS via the alert summary reports of plugin results, as demonstrated by a SCRIPT element delivered by a modified check_load plugin to NRPE.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
nagios4	fixed	4.3.4-3		package
nagios3	removed			package

Примечания

https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180026.txt
https://github.com/NagiosEnterprises/nagioscore/issues/602
Fixed by: https://github.com/NagiosEnterprises/nagioscore/commit/0329033db9a1d0954c304f209ea88824e8f78b8a
No real security impact, plugins need to be trusted to begin with

EPSS

Процентиль: 90%

0.0531

Низкий

Связанные уязвимости

CVE-2018-18245

CVSS3: 5.4

ubuntu

около 7 лет назад

Nagios Core 4.4.2 has XSS via the alert summary reports of plugin results, as demonstrated by a SCRIPT element delivered by a modified check_load plugin to NRPE.

CVE-2018-18245

CVSS3: 4.7

redhat

около 7 лет назад

Nagios Core 4.4.2 has XSS via the alert summary reports of plugin results, as demonstrated by a SCRIPT element delivered by a modified check_load plugin to NRPE.

CVE-2018-18245

CVSS3: 5.4

nvd

около 7 лет назад

Nagios Core 4.4.2 has XSS via the alert summary reports of plugin results, as demonstrated by a SCRIPT element delivered by a modified check_load plugin to NRPE.

GHSA-mmcj-m9g2-2r59

CVSS3: 5.4

github

больше 3 лет назад

Nagios Core 4.4.2 has XSS via the alert summary reports of plugin results, as demonstrated by a SCRIPT element delivered by a modified check_load plugin to NRPE.

openSUSE-SU-2020:0500-1

suse-cvrf

почти 6 лет назад

Security update for nagios

EPSS

Процентиль: 90%

0.0531

Низкий