PT-2025-44494 · Nagios · Nagios Log Server
Published: 2023-12-05 · Updated: 2025-10-31 · CVE-2023-7322
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Nagios Log Server versions prior to 2024R1
Description
Nagios Log Server versions prior to 2024R1 have an incorrect authorization issue: API endpoints could be invoked without proper authorization. Because of the incorrect authorization check, authenticated users without the necessary API permissions could access API endpoints and read or modify resources they should not have access to, leading to unauthorized data access and actions.
Recommendations
Update to version 2024R1 or later.
Fix
Incorrect Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Nagios Log Server