QwikSec

Security Database

CVE

CWE

Training

CVE-2013-10072

Published: Oct 30, 2025

Modified: Nov 17, 2025

PUBLISHED

Description

Nagios XI versions prior to 2012R1.6 contain an authorization flaw in the Auto-Discovery functionality. Users with read-only roles could directly reach Auto-Discovery endpoints and pages that should require elevated permissions, exposing discovery results and allowing unintended access to discovery operations.

Vendor	Product	Versions
Nagios	XI	affected `0 - < 2012R1.6`

Weaknesses (CWE)

References

https://www.nagios.com/changelog/nagios-xi/

release-notes

patch

https://www.vulncheck.com/advisories/nagios-xi-auto-discovery-missing-authorization

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.