PT-2025-44515 · Nagios · Nagios Log Server
Published
2025-08-05
·
Updated
2025-10-31
·
CVE-2025-34272
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:L/Au:S/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Nagios Log Server versions prior to 2024R2.0.3
Description
When a user’s configured default dashboard is deleted in Nagios Log Server, the application does not consistently revert to an empty default dashboard. This can lead to an unexpected dashboard being displayed as the user’s default view. Depending on the dashboard sharing and access policies, this behavior may result in information exposure or unexpected privilege exposure.
Recommendations
Update to version 2024R2.0.3 or later.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Nagios Log Server