CVE-2023-7322

EPSS 0.25%
Veröffentlicht 30.10.2025 21:23:34
Zuletzt bearbeitet 06.11.2025 16:20:51
Quelle disclosure@vulncheck.com
CVE-Watchlists
Login
Unerledigt
Login

Nagios Log Server versions prior to 2024R1 contain an incorrect authorization vulnerability. Users who lacked the required API permission were nevertheless able to invoke API endpoints, resulting in unintended access to data and actions exposed via the API. This incorrect authorization check could allow authenticated but non-privileged users to read or modify resources beyond their intended rights.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Nagios ≫ Log Server Version < 2024

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.25%	0.485

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.1	2.8	5.2	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
disclosure@vulncheck.com	8.7	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://www.nagios.com/changelog/nagios-log-server-2024r1/

Release Notes

https://www.vulncheck.com/advisories/nagios-log-server-incorrect-authorization-granting-full-api-access

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-7322

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-7322

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-7322

EUVD