Description

In Nagios Log Server versions prior to 2024R2.0.3, when a user's configured default dashboard is deleted, the application does not reliably fall back to an empty, default dashboard. In some implementations this can result in an unexpected dashboard being presented as the user's default view. Depending on the product's dashboard sharing and access policies, this behavior may cause information exposure or unexpected privilege exposure.

PUBLISHED Reserved 2025-04-15 | Published 2025-10-30 | Updated 2025-10-31 | Assigner VulnCheck




MEDIUM: 5.3 | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

Product status

Default status: unaffected

Any version before 2024R2.0.3: affected

References

www.nagios.com/products/security/ vendor-advisory patch

www.nagios.com/changelog/ release-notes patch

www.vulncheck.com/...er-non-empty-default-dashboard-fallback third-party-advisory

cve.org (CVE-2025-34272)

nvd.nist.gov (CVE-2025-34272)
