Favorites Component up to 1.0.1 on Nagios resource injection

entryeditHistoryDiffjsonxmlCTI

A vulnerability classified as critical was found in Favorites Component up to 1.0.1 on Nagios. Affected by this vulnerability is an unknown function. Upgrading to version 1.0.2 eliminates this vulnerability.

Field	02/04/2021 10:54 AM	02/23/2021 01:54 PM
name	Favorites Component	Favorites Component
version	<=1.0.1	<=1.0.1
platform	Nagios	Nagios
cwe	99 (privilege escalation)	99 (privilege escalation)
risk	2	2
cvss3_vuldb_ui	N	N
cvss3_vuldb_c	L	L
cvss3_vuldb_i	L	L
cvss3_vuldb_a	L	L
cvss3_vuldb_rl	O	O
cvss3_vuldb_rc	C	C
name	Upgrade	Upgrade
upgrade_version	1.0.2	1.0.2
cve	CVE-2021-26024	CVE-2021-26024
date	1612393200 (02/04/2021)	1612393200 (02/04/2021)
cvss2_vuldb_ci	P	P
cvss2_vuldb_ii	P	P
cvss2_vuldb_ai	P	P
cvss2_vuldb_rc	C	C
cvss2_vuldb_rl	OF	OF
cvss2_vuldb_av	A	A
cvss2_vuldb_ac	M	M
cvss2_vuldb_au	S	S
cvss2_vuldb_e	ND	ND
cvss3_vuldb_av	A	A
cvss3_vuldb_ac	L	L
cvss3_vuldb_pr	L	L
cvss3_vuldb_s	U	U
cvss3_vuldb_e	X	X
cvss2_vuldb_basescore	4.9	4.9
cvss2_vuldb_tempscore	4.9	4.3
cvss3_vuldb_basescore	5.5	5.5
cvss3_vuldb_tempscore	5.5	5.3
cvss3_meta_basescore	5.5	5.5
cvss3_meta_tempscore	5.5	5.3
price_0day	$0-$5k	$0-$5k
cve_assigned		1611356400
cve_nvd_summary		The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to Insecure Direct Object Reference: it is possible to create favorites for any other user account.
confirm_url		https://www.nagios.com/products/security/

◂ Previous Overview Next ▸

Interested in the pricing of exploits?

See the underground prices here!