exploitDog

CVE-2022-29270

Опубликовано: 29 июн. 2022

Источник: nvd

CVSS3: 4.3

CVSS2: 4

EPSS Низкий

Описание

In Nagios XI through 5.8.5, it is possible for a user without password verification to change his e-mail address.

Ссылки

https://assets.nagios.com/downloads/nagiosxi/CHANGES-5.TXT
Release Notes
Vendor Advisory
https://github.com/4LPH4-NL/CVEs
Third Party Advisory
https://github.com/sT0wn-nl/CVEs/blob/master/README.md#nagios-xi
Third Party Advisory
https://www.nagios.com/downloads/nagios-xi/change-log/
Release Notes
Vendor Advisory
https://assets.nagios.com/downloads/nagiosxi/CHANGES-5.TXT
Release Notes
Vendor Advisory
https://github.com/4LPH4-NL/CVEs
Third Party Advisory
https://github.com/sT0wn-nl/CVEs/blob/master/README.md#nagios-xi
Third Party Advisory
https://www.nagios.com/downloads/nagios-xi/change-log/
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:*

Версия до 5.8.5 (включая)

EPSS

Процентиль: 67%

0.00543

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-306

Связанные уязвимости

GHSA-ccw8-4g6w-j73q

CVSS3: 4.3

github

больше 3 лет назад

In Nagios XI through 5.8.5, it is possible for a user without password verification to change his e-mail address.

EPSS

Процентиль: 67%

0.00543

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-306