PT-2021-20094 · Monitorix · Monitorix

Mikaku · Published 2021-01-27 · Updated 2022-07-12 · CVE-2021-3325

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Monitorix version 3.13.0

Description: The issue allows remote attackers to bypass Basic Authentication in a default installation, which is an installation without a hosts deny option. This occurred because a new access-control feature was introduced without considering that some existing installations became unsafe upon an update to 3.13.0, unless the new feature was immediately configured.

Recommendations: For Monitorix version 3.13.0, consider immediately configuring the new access-control feature to prevent remote attackers from bypassing Basic Authentication. As a temporary workaround, restrict access to the default installation to minimize the risk of exploitation.


Related Identifiers: CVE-2021-3325

Affected Products: Monitorix