PT-2025-44801 · Nagios Enterprises · Nagios XI

Published 2024-05-28 · Updated 2025-11-04 · CVE-2024-13998

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Nagios XI versions prior to 2024R1.1.3

Description

Nagios XI may disclose sensitive user account information, including API keys and hashed passwords, to authenticated users who lack the necessary permissions. This exposure could lead to account compromise, misuse of API privileges, or attempts to crack passwords offline. The issue relates to unauthorized access to protected information within the IT infrastructure monitoring tool.

Recommendations

Update to version 2024R1.1.3 or later.

Related Identifiers

BDU:2025-14478
CVE-2024-13998

Affected Products

Nagios XI