Advisories » MGASA-2021-0209

Updated nagios packages fix a security vulnerability

Publication date: 12 May 2021
Modification date: 12 May 2021
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-13977

Description

Nagios 4.4.5 allows an attacker, who already has administrative access to
change the "URL for JSON CGIs" configuration setting, to modify the Alert
Histogram and Trends code via crafted versions of the archivejson.cgi,
objectjson.cgi, and statusjson.cgi files (CVE-2020-13977).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=28557
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JUEIABR4Y6L5J5MZDFWU46ZWXMJO64U3/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13977

SRPMS

7/core

• nagios-4.4.3-2.1.mga7