PT-2020-17304 · Nagios+1 · Nagios Core+1

Published

2020-12-23

Updated

2021-03-02

CVE-2020-35269

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Nagios Core version 4.2.4

Description The issue concerns a Site-Wide Cross-Site Request Forgery (CSRF) in the Nagios Core application, affecting various functions such as adding or deleting hosts or servers.

Recommendations For Nagios Core version 4.2.4, consider disabling the functions that are vulnerable to CSRF attacks until a patch is available. Restrict access to these functions to minimize the risk of exploitation.

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2020-35269

Affected Products

Debian

Nagios Core

PT-2020-17304 · Nagios+1 · Nagios Core+1

CVE-2020-35269

Weakness Enumeration

Related Identifiers

Affected Products

References · 12