CVE-2013-3500

Name of the Vulnerable Software and Affected Versions GroundWork Monitor Enterprise version 6.7.0

Description The issue concerns the Foundation webapp admin interface in GroundWork Monitor Enterprise, where it uses the nagios account as the owner of writable files under /usr/local/groundwork. This setup allows attackers to bypass intended filesystem restrictions by leveraging access to a GroundWork script.

Recommendations For GroundWork Monitor Enterprise version 6.7.0, consider changing the ownership of writable files under /usr/local/groundwork to a more restrictive account to prevent unauthorized access. Additionally, restrict access to GroundWork scripts to minimize the risk of exploitation.