Favorites Component up to 1.0.1 on Nagios resource injection


A vulnerability classified as critical was found in Favorites Component up to 1.0.1 on Nagios. Affected by this vulnerability is an unknown function. Upgrading to version 1.0.2 eliminates this vulnerability.

| Field | 02/04/2021 10:54 AM | 02/23/2021 01:54 PM |
|---|---|---|
| name | Favorites Component | Favorites Component |
| version | <=1.0.1 | <=1.0.1 |
| platform | Nagios | Nagios |
| cwe | 99 (privilege escalation) | 99 (privilege escalation) |
| risk | 2 | 2 |
| cvss3_vuldb_ui | N | N |
| cvss3_vuldb_c | L | L |
| cvss3_vuldb_i | L | L |
| cvss3_vuldb_a | L | L |
| cvss3_vuldb_rl | O | O |
| cvss3_vuldb_rc | C | C |
| name | Upgrade | Upgrade |
| upgrade_version | 1.0.2 | 1.0.2 |
| cve | CVE-2021-26024 | CVE-2021-26024 |
| date | 1612393200 (02/04/2021) | 1612393200 (02/04/2021) |
| cvss2_vuldb_ci | P | P |
| cvss2_vuldb_ii | P | P |
| cvss2_vuldb_ai | P | P |
| cvss2_vuldb_rc | C | C |
| cvss2_vuldb_rl | OF | OF |
| cvss2_vuldb_av | A | A |
| cvss2_vuldb_ac | M | M |
| cvss2_vuldb_au | S | S |
| cvss2_vuldb_e | ND | ND |
| cvss3_vuldb_av | A | A |
| cvss3_vuldb_ac | L | L |
| cvss3_vuldb_pr | L | L |
| cvss3_vuldb_s | U | U |
| cvss3_vuldb_e | X | X |
| cvss2_vuldb_basescore | 4.9 | 4.9 |
| cvss2_vuldb_tempscore | 4.9 | 4.3 |
| cvss3_vuldb_basescore | 5.5 | 5.5 |
| cvss3_vuldb_tempscore | 5.5 | 5.3 |
| cvss3_meta_basescore | 5.5 | 5.5 |
| cvss3_meta_tempscore | 5.5 | 5.3 |
| price_0day | $0-$5k | $0-$5k |

cve_assigned: 1611356400

cve_nvd_summary: The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to Insecure Direct Object Reference: it is possible to create favorites for any other user account.

confirm_url: https://www.nagios.com/products/security/
