6.5
CVE-2025-34272
- EPSS 1.22%
- Veröffentlicht 30.10.2025 21:25:10
- Zuletzt bearbeitet 06.11.2025 16:29:24
- Quelle disclosure@vulncheck.com
- CVE-Watchlists
- Unerledigt
Nagios Log Server < 2024R2.0.3 Non-Empty Default Dashboard Fallback
In Nagios Log Server versions prior to 2024R2.0.3, when a user's configured default dashboard is deleted, the application does not reliably fall back to an empty, default dashboard. In some implementations this can result in an unexpected dashboard being presented as the user's default view. Depending on the product's dashboard sharing and access policies, this behavior may cause information exposure or unexpected privilege exposure.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Nagios ≫ Log Server Version < 2024
Nagios ≫ Log Server Version2024 Updater1
Nagios ≫ Log Server Version2024 Updater1.0.1
Nagios ≫ Log Server Version2024 Updater1.0.2
Nagios ≫ Log Server Version2024 Updater1.1
Nagios ≫ Log Server Version2024 Updater1.2
Nagios ≫ Log Server Version2024 Updater1.3
Nagios ≫ Log Server Version2024 Updater1.3.1
Nagios ≫ Log Server Version2024 Updater1.3.2
Nagios ≫ Log Server Version2024 Updater1.3.3
Nagios ≫ Log Server Version2024 Updater1.3.4
Nagios ≫ Log Server Version2024 Updater1.3.5
Nagios ≫ Log Server Version2024 Updater2
Nagios ≫ Log Server Version2024 Updater2.0.1
Nagios ≫ Log Server Version2024 Updater2.0.2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.22% | 0.791 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| disclosure@vulncheck.com | 5.3 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.