4

CVE-2013-2214

status.cgi in Nagios 4.0 before 4.0 beta4 and 3.x before 3.5.1 does not properly restrict access to certain users that are a contact for a service, which allows remote authenticated users to obtain sensitive information about hostnames via the servicegroup (1) overview, (2) summary, or (3) grid style in status.cgi.  NOTE: this behavior is by design in most 3.x versions, but the upstream vendor "decided to change it for Nagios 4" and 3.5.1.

Data is provided by the National Vulnerability Database (NVD)
NagiosNagios Version3.0
NagiosNagios Version3.0 Updatealpha1
NagiosNagios Version3.0 Updatealpha2
NagiosNagios Version3.0 Updatealpha3
NagiosNagios Version3.0 Updatealpha4
NagiosNagios Version3.0 Updatealpha5
NagiosNagios Version3.0 Updatebeta1
NagiosNagios Version3.0 Updatebeta2
NagiosNagios Version3.0 Updatebeta3
NagiosNagios Version3.0 Updatebeta4
NagiosNagios Version3.0 Updatebeta5
NagiosNagios Version3.0 Updatebeta6
NagiosNagios Version3.0 Updatebeta7
NagiosNagios Version3.0 Updaterc1
NagiosNagios Version3.0 Updaterc2
NagiosNagios Version3.0 Updaterc3
NagiosNagios Version3.0.1
NagiosNagios Version3.0.2
NagiosNagios Version3.0.3
NagiosNagios Version3.0.4
NagiosNagios Version3.0.5
NagiosNagios Version3.0.6
NagiosNagios Version3.1.0
NagiosNagios Version3.1.1
NagiosNagios Version3.1.2
NagiosNagios Version3.2.0
NagiosNagios Version3.2.1
NagiosNagios Version3.2.2
NagiosNagios Version3.2.3
NagiosNagios Version3.3.1
NagiosNagios Version3.4.0
NagiosNagios Version3.4.1
NagiosNagios Version3.4.2
NagiosNagios Version3.4.3
NagiosNagios Version3.4.4
NagiosNagios Version3.5.0
NagiosNagios Version4.0.0 Updatebeta1
NagiosNagios Version4.0.0 Updatebeta2
NagiosNagios Version4.0.0 Updatebeta3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 2.68% 0.852
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:P/I:N/A:N