PT-2023-3899 · Unknown · Pnp4Nagios
Schnudd31Do3 · Published 2023-07-09 · Updated 2023-07-26 · CVE-2023-38349
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
PNP4Nagios version 0.6.26 and versions prior to 81ebfc5
Description
The issue is related to a lack of CSRF protection in the AJAX controller of the PNP4Nagios performance analyzer, which is part of the Nagios network monitoring system. This allows a remote attacker to perform a CSRF attack.
Recommendations
For PNP4Nagios version 0.6.26, consider disabling the AJAX controller until a patch is available.
For versions prior to 81ebfc5, restrict access to the AJAX controller to minimize the risk of exploitation.
As a temporary workaround, avoid using the vulnerable AJAX controller functionality until the issue is resolved.
Fix
CSRF
Affected Products
Pnp4Nagios