CVE-2020-13977

Source
https://cve.org/CVERecord?id=CVE-2020-13977
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-13977.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-13977
Downstream
Related
Published
2020-06-09T14:15:10.063Z
Modified
2026-07-08T05:56:32.491198379Z
Severity
  • 4.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

Nagios 4.4.5 allows an attacker, who already has administrative access to change the "URL for JSON CGIs" configuration setting, to modify the Alert Histogram and Trends code via crafted versions of the archivejson.cgi, objectjson.cgi, and statusjson.cgi files. NOTE: this vulnerability has been mistakenly associated with CVE-2020-1408.

Database specific
{
    "unresolved_ranges": [
        {
            "vendor_product": "fedoraproject:fedora",
            "cpes": [
                "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
                "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
                "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*"
            ],
            "source": "CPE_STRING",
            "extracted_events": [
                {
                    "introduced": "32"
                },
                {
                    "last_affected": "32"
                },
                {
                    "introduced": "33"
                },
                {
                    "last_affected": "33"
                },
                {
                    "introduced": "34"
                },
                {
                    "last_affected": "34"
                }
            ]
        }
    ]
}
References

Affected packages

Git / github.com/nagiosenterprises/nagioscore

Affected ranges

Type
GIT
Repo
https://github.com/nagiosenterprises/nagioscore
Events
Database specific
{
    "cpe": "cpe:2.3:a:nagios:nagios:4.4.5:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "4.4.5"
        },
        {
            "last_affected": "4.4.5"
        }
    ],
    "source": "CPE_STRING"
}

Affected versions

4.*
4.4.5
nagios-4.*
nagios-4.4.5

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-13977.json"