Nagios Log Server versions prior to 2024R1 contain an...
High severity
Unreviewed
Published
Oct 31, 2025
to the GitHub Advisory Database
•
Updated Nov 6, 2025
Description
Published by the National Vulnerability Database
Oct 30, 2025
Published to the GitHub Advisory Database
Oct 31, 2025
Last updated
Nov 6, 2025
Nagios Log Server versions prior to 2024R1 contain an incorrect authorization vulnerability. Users who lacked the required API permission were nevertheless able to invoke API endpoints, resulting in unintended access to data and actions exposed via the API. This incorrect authorization check could allow authenticated but non-privileged users to read or modify resources beyond their intended rights.
References