Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-h24p-c667-33hr

Опубликовано: 31 окт. 2025
Источник: github
Github: Не прошло ревью
CVSS4: 8.8
CVSS3: 6.1

Описание

Nagios XI versions prior to 2024R1.2.2 contain a host header injection vulnerability. The application trusts the user-supplied HTTP Host header when constructing absolute URLs without sufficient validation. An unauthenticated, remote attacker can supply a crafted Host header to poison generated links or responses, which may facilitate phishing of credentials, account recovery link hijacking, and web cache poisoning.

Nagios XI versions prior to 2024R1.2.2 contain a host header injection vulnerability. The application trusts the user-supplied HTTP Host header when constructing absolute URLs without sufficient validation. An unauthenticated, remote attacker can supply a crafted Host header to poison generated links or responses, which may facilitate phishing of credentials, account recovery link hijacking, and web cache poisoning.

Ссылки

EPSS

Процентиль: 35%
0.00146
Низкий

8.8 High

CVSS4

6.1 Medium

CVSS3

CVE ID

CVE-2024-14006

Дефекты

CWE-346

Связанные уязвимости

nvd логотип

CVE-2024-14006

CVSS3: 6.1
nvd
3 месяца назад

Nagios XI versions prior to 2024R1.2.2 contain a host header injection vulnerability. The application trusts the user-supplied HTTP Host header when constructing absolute URLs without sufficient validation. An unauthenticated, remote attacker can supply a crafted Host header to poison generated links or responses, which may facilitate phishing of credentials, account recovery link hijacking, and web cache poisoning.

fstec логотип

BDU:2025-14539

CVSS3: 8.2
fstec
3 месяца назад

Уязвимость инструмента для мониторинга ИТ-инфраструктуры Nagios XI, связанная с ошибкой подтверждения источника данных, позволяющая нарушителю проводить фишинг-атаки

EPSS

Процентиль: 35%
0.00146
Низкий

8.8 High

CVSS4

6.1 Medium

CVSS3

CVE ID

CVE-2024-14006

Дефекты

CWE-346