9.8
CVE-2021-3325
- EPSS 2.23%
- Veröffentlicht 27.01.2021 19:15:13
- Zuletzt bearbeitet 21.11.2024 06:21:17
- CVE-Watchlists
- Unerledigt
Monitorix 3.13.0 allows remote attackers to bypass Basic Authentication in a default installation (i.e., an installation without a hosts_deny option). This issue occurred because a new access-control feature was introduced without considering that some exiting installations became unsafe, upon an update to 3.13.0, unless the new feature was immediately configured.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Fedoraproject ≫ Fedora Version32
Fedoraproject ≫ Fedora Version33
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.23% | 0.804 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
https://github.com/mikaku/Monitorix/commit/d6816e20da1a98bcdc6372d9c36a093df5238f4a
https://github.com/mikaku/Monitorix/compare/v3.13.0...v3.13.1
https://github.com/mikaku/Monitorix/issues/309
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/67DDUU56LP76AJ2K7WJ733QPL2FHKKNG/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGG6WK44CYY6GEFRTCUEDANVNSX5NDH7/
https://www.monitorix.org/news.html?n=20210127