Mageia 7: 2021-0209 Critical: Nagios Remote Access Vulnerability Fix
mageia
May 12, 2021
Nagios 4.4.5 allows an attacker, who already has administrative access to change the "URL for JSON CGIs" configuration setting, to modify the Alert Histogram and Trends code via cr...
Summary
Nagios 4.4.5 allows an attacker, who already has administrative access to
change the "URL for JSON CGIs" configuration setting, to modify the Alert
Histogram and Trends code via crafted versions of the archivejson.cgi,
objectjson.cgi, and statusjson.cgi files (CVE-2020-13977).
References
- https://bugs.mageia.org/show_bug.cgi?id=28557
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JUEIABR4Y6L5J5MZDFWU46ZWXMJO64U3/
- https://www.cve.org/CVERecord?id=CVE-2020-13977
Resolution
SRPMS
- 7/core/nagios-4.4.3-2.1.mga7
PREVIOUS 
NEXT Severity
critical
Lowest
Low
Medium
High
Critical
Publication date: 12 May 2021
URL: https://advisories.mageia.org/MGASA-2021-0209.html
Type: security
CVE: CVE-2020-13977
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!