CVE-2021-33178

Опубликовано: 14 окт. 2021

Источник: nvd

CVSS3: 6.5

CVSS2: 8.5

EPSS Низкий

Описание

The Manage Backgrounds functionality within NagVis versions prior to 1.9.29 is vulnerable to an authenticated path traversal vulnerability. Exploitation of this results in a malicious actor having the ability to arbitrarily delete files on the local system.

Ссылки

https://nagvis.org/downloads/changelog/1.9.29
Release Notes
Vendor Advisory
https://www.synopsys.com/blogs/software-security/cyrc-advisory-nagios-xi
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/05/msg00000.html
https://nagvis.org/downloads/changelog/1.9.29
Release Notes
Vendor Advisory
https://www.synopsys.com/blogs/software-security/cyrc-advisory-nagios-xi
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:nagvis:nagvis:*:*:*:*:*:nagios_xi:*:*

Версия до 1.9.29 (исключая)

EPSS

Процентиль: 69%

0.00615

Низкий

6.5 Medium

CVSS3

8.5 High

CVSS2

Дефекты

CWE-22

Связанные уязвимости

CVE-2021-33178

CVSS3: 6.5

ubuntu

больше 4 лет назад

CVE-2021-33178

CVSS3: 6.5

debian

больше 4 лет назад

The Manage Backgrounds functionality within NagVis versions prior to 1 ...

GHSA-g6fj-g9qm-g5xw

CVSS3: 6.5

github

больше 3 лет назад

The Manage Backgrounds functionality within Nagvis versions prior to 2.0.9 is vulnerable to an authenticated path traversal vulnerability. Exploitation of this results in a malicious actor having the ability to arbitrarily delete files on the local system.

EPSS

Процентиль: 69%

0.00615

Низкий

6.5 Medium

CVSS3

8.5 High

CVSS2

Дефекты

CWE-22