Back to search
CVE-2013-2214
Published: Feb 10, 2014
Modified: Aug 6, 2024
PUBLISHED
Description
status.cgi in Nagios 4.0 before 4.0 beta4 and 3.x before 3.5.1 does not properly restrict access to certain users that are a contact for a service, which allows remote authenticated users to obtain sensitive information about hostnames via the servicegroup (1) overview, (2) summary, or (3) grid style in status.cgi. NOTE: this behavior is by design in most 3.x versions, but the upstream vendor "decided to change it for Nagios 4" and 3.5.1.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
[oss-security] 20130626 Re: CVE request: unauthorized host/service views displayed in servicegroup view
mailing-list
x_refsource_MLIST
openSUSE-SU-2013:1158
vendor-advisory
x_refsource_SUSE
[oss-security] 20130626 CVE request: unauthorized host/service views displayed in servicegroup view
mailing-list
x_refsource_MLIST
openSUSE-SU-2013:1160
vendor-advisory
x_refsource_SUSE
http://tracker.nagios.org/view.php?id=456
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now