CVE-2020-13977

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-13977

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-13977.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-13977

Related

Published

2020-06-09T14:15:10Z

Modified

2024-09-18T03:07:13.922093Z

Severity

4.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

Nagios 4.4.5 allows an attacker, who already has administrative access to change the "URL for JSON CGIs" configuration setting, to modify the Alert Histogram and Trends code via crafted versions of the archivejson.cgi, objectjson.cgi, and statusjson.cgi files. NOTE: this vulnerability has been mistakenly associated with CVE-2020-1408.

References

Affected packages

Debian:11 / nagios4

Package

Name: nagios4
Purl: pkg:deb/debian/nagios4?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.3.4-4

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / nagios4

Package

Name: nagios4
Purl: pkg:deb/debian/nagios4?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.3.4-4

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / nagios4

Package

Name: nagios4
Purl: pkg:deb/debian/nagios4?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.3.4-4

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/nagiosenterprises/nagioscore

Affected ranges

Type: GIT
Repo: https://github.com/nagiosenterprises/nagioscore
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

73a6b070e46c63aa6e2be731133c1b078cbee35c

Affected versions

4.*

4.2.1

autoconf-1.*

autoconf-1.0.0

autoconf-1.0.1

nagios-1.*

nagios-1.0a6

nagios-1.0a7

nagios-1.0b1

nagios-1.0b2

nagios-1.0b3

nagios-1.0b4

nagios-1.0b5

nagios-1.0b6

nagios-2.*

nagios-2.0

nagios-2.0.b5

nagios-2.0b1

nagios-2.0b2

nagios-2.0b3

nagios-2.0b4

nagios-2.0b6

nagios-2.0rc1

nagios-3.*

nagios-3.0

nagios-3.0.1

nagios-3.0.2

nagios-3.0.3

nagios-3.0.4

nagios-3.0.5

nagios-3.0.6

nagios-3.0a1

nagios-3.0a2

nagios-3.0a3

nagios-3.0a4

nagios-3.0a5

nagios-3.0b1

nagios-3.0b2

nagios-3.0b3

nagios-3.0b4

nagios-3.0b5

nagios-3.0b6

nagios-3.0b7

nagios-3.0rc1

nagios-3.0rc2

nagios-3.0rc3

nagios-3.1.0

nagios-3.1.1

nagios-3.1.2

nagios-3.2.0

nagios-3.2.1

nagios-3.2.2

nagios-3.2.3

nagios-3.3.1

nagios-3.4.0

nagios-3.4.1

nagios-4.*

nagios-4.0.0

nagios-4.0.0-beta1

nagios-4.0.0-beta2

nagios-4.0.0-beta3

nagios-4.0.0-beta4

nagios-4.0.1

nagios-4.0.2

nagios-4.0.2rc1

nagios-4.0.3

nagios-4.0.3rc1

nagios-4.0.4

nagios-4.0.5

nagios-4.0.6

nagios-4.0.7

nagios-4.0.8

nagios-4.0.8rc1

nagios-4.1.0

nagios-4.1.0rc2

nagios-4.1.1

nagios-4.1.2-Pre1

nagios-4.2.0

nagios-4.2.1

nagios-4.2.2

nagios-4.2.3

nagios-4.3.0

nagios-4.3.1

nagios-4.3.2

nagios-4.3.3

nagios-4.3.4

nagios-4.4.0

nagios-4.4.1

nagios-4.4.2

nagios-4.4.3

nagios-4.4.3rc1

nagios-4.4.4

nagios-4.4.5

release-4.*

release-4.2.3

release-4.2.4

release-4.3.0