Home

Description

Nagios Log Server versions prior to 2024R1 contain an incorrect authorization vulnerability. Users who lacked the required API permission were nevertheless able to invoke API endpoints, resulting in unintended access to data and actions exposed via the API. This incorrect authorization check could allow authenticated but non-privileged users to read or modify resources beyond their intended rights.

PUBLISHED Reserved 2025-10-28 | Published 2025-10-30 | Updated 2025-10-31 | Assigner VulnCheck




HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-863 Incorrect Authorization

Product status

Default status
unaffected

Any version before 2024R1
affected

References

www.nagios.com/changelog/nagios-log-server-2024r1/ release-notes patch

www.vulncheck.com/...-authorization-granting-full-api-access third-party-advisory

cve.org (CVE-2023-7322)

nvd.nist.gov (CVE-2023-7322)

Download JSON