Описание
Nagios 4.4.5 allows an attacker, who already has administrative access to change the "URL for JSON CGIs" configuration setting, to modify the Alert Histogram and Trends code via crafted versions of the archivejson.cgi, objectjson.cgi, and statusjson.cgi files. NOTE: this vulnerability has been mistakenly associated with CVE-2020-1408.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | not-affected | 4.3.4-4 |
| eoan | ignored | end of life |
| esm-apps/focal | needs-triage | |
| esm-apps/jammy | not-affected | 4.3.4-4 |
| esm-apps/noble | not-affected | 4.3.4-4 |
| esm-infra-legacy/trusty | DNE | |
| focal | ignored | end of standard support, was needs-triage |
| groovy | not-affected | 4.3.4-4 |
| hirsute | not-affected | 4.3.4-4 |
Показывать по
4 Medium
CVSS2
4.9 Medium
CVSS3
Связанные уязвимости
Nagios 4.4.5 allows an attacker, who already has administrative access to change the "URL for JSON CGIs" configuration setting, to modify the Alert Histogram and Trends code via crafted versions of the archivejson.cgi, objectjson.cgi, and statusjson.cgi files. NOTE: this vulnerability has been mistakenly associated with CVE-2020-1408.
Nagios 4.4.5 allows an attacker, who already has administrative access ...
Nagios 4.4.5 allows an attacker, who already has administrative access to change the "URL for JSON CGIs" configuration setting, to modify the Alert Histogram and Trends code via crafted versions of the archivejson.cgi, objectjson.cgi, and statusjson.cgi files.
4 Medium
CVSS2
4.9 Medium
CVSS3