Main Vulnerability Database SB2021030328

SB2021030328 - Fedora 34 update for nagios

Published: March 3, 2021

Security Bulletin ID SB2021030328

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper Neutralization of Special Elements in Output Used by a Downstream Component (CVE-ID: CVE-2020-13977)

The vulnerability allows a remote privileged user to manipulate data.

Nagios 4.4.5 allows an attacker, who already has administrative access to change the "URL for JSON CGIs" configuration setting, to modify the Alert Histogram and Trends code via crafted versions of the archivejson.cgi, objectjson.cgi, and statusjson.cgi files. NOTE: this vulnerability has been mistakenly associated with CVE-2020-1408.

Remediation

Install update from vendor's website.

References

https://bodhi.fedoraproject.org/updates/FEDORA-2021-01a2f76cc3