CVE-2020-13977

CVSS 4.9 - MEDIUM
Description

Nagios 4.4.5 allows an attacker, who already has administrative access to change the "URL for JSON CGIs" configuration setting, to modify the Alert Histogram and Trends code via crafted versions of the archivejson.cgi, objectjson.cgi, and statusjson.cgi files. NOTE: this vulnerability has been mistakenly associated with CVE-2020-1408.

Affected Products
4
Vendor Product Version
nagios nagios 4.4.5
fedoraproject fedora 32
fedoraproject fedora 33
fedoraproject fedora 34
References
https://anhtai.me/nagios-core-4-4-5-url-injection/
https://github.com/sawolf/nagioscore/tree/url-inje...
https://lists.fedoraproject.org/archives/list/pack...
https://lists.fedoraproject.org/archives/list/pack...
https://lists.fedoraproject.org/archives/list/pack...
https://www.nagios.org/projects/nagios-core/histor...
https://anhtai.me/nagios-core-4-4-5-url-injection/
https://github.com/sawolf/nagioscore/tree/url-inje...
https://lists.fedoraproject.org/archives/list/pack...
https://lists.fedoraproject.org/archives/list/pack...
https://lists.fedoraproject.org/archives/list/pack...
https://www.nagios.org/projects/nagios-core/histor...
Weakness Types
CWE-829
CVE Information
CVE ID:
CVE-2020-13977
Published:
2020-06-09
Modified:
2024-11-21
CVSS Score:
4.9
Severity:
MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Affected Vendors
fedoraproject nagios
Quick Actions
View on NVD Find Similar CVEs
CVSS Severity Scale
0.0 - 3.9 LOW
4.0 - 6.9 MEDIUM
7.0 - 8.9 HIGH
9.0 - 10.0 CRITICAL