CVE-2020-13977
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2020-13977
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-13977.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2020-13977
- Related
- Published
- 2020-06-09T14:15:10Z
- Modified
- 2025-01-08T06:57:46.702745Z
- Downstream
- Severity
-
- 4.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Nagios 4.4.5 allows an attacker, who already has administrative access to change the "URL for JSON CGIs" configuration setting, to modify the Alert Histogram and Trends code via crafted versions of the archivejson.cgi, objectjson.cgi, and statusjson.cgi files. NOTE: this vulnerability has been mistakenly associated with CVE-2020-1408.
- References
-
- https://www.nagios.org/projects/nagios-core/history/4x/
- https://anhtai.me/nagios-core-4-4-5-url-injection/
- https://github.com/sawolf/nagioscore/tree/url-injection-fix
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5P6NHNG2SJAM6DXVTXQH3AOJ4WQVKJUE/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H7T6MSDWMBJEVVFSOK7DOYJJWDAFQCEQ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JUEIABR4Y6L5J5MZDFWU46ZWXMJO64U3/
- https://security-tracker.debian.org/tracker/CVE-2020-13977
Affected packages
Debian:11 / nagios4
Package
- Name
- nagios4
- Purl
- pkg:deb/debian/nagios4?arch=source
Debian:12 / nagios4
Package
- Name
- nagios4
- Purl
- pkg:deb/debian/nagios4?arch=source
Debian:13 / nagios4
Package
- Name
- nagios4
- Purl
- pkg:deb/debian/nagios4?arch=source
Git / github.com/nagiosenterprises/nagioscore
Affected ranges
- Type
- GIT
- Repo
- https://github.com/nagiosenterprises/nagioscore
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
Affected versions
4.*
4.2.1
autoconf-1.*
autoconf-1.0.0
autoconf-1.0.1
nagios-1.*
nagios-1.0a6
nagios-1.0a7
nagios-1.0b1
nagios-1.0b2
nagios-1.0b3
nagios-1.0b4
nagios-1.0b5
nagios-1.0b6
nagios-2.*
nagios-2.0
nagios-2.0.b5
nagios-2.0b1
nagios-2.0b2
nagios-2.0b3
nagios-2.0b4
nagios-2.0b6
nagios-2.0rc1
nagios-3.*
nagios-3.0
nagios-3.0.1
nagios-3.0.2
nagios-3.0.3
nagios-3.0.4
nagios-3.0.5
nagios-3.0.6
nagios-3.0a1
nagios-3.0a2
nagios-3.0a3
nagios-3.0a4
nagios-3.0a5
nagios-3.0b1
nagios-3.0b2
nagios-3.0b3
nagios-3.0b4
nagios-3.0b5
nagios-3.0b6
nagios-3.0b7
nagios-3.0rc1
nagios-3.0rc2
nagios-3.0rc3
nagios-3.1.0
nagios-3.1.1
nagios-3.1.2
nagios-3.2.0
nagios-3.2.1
nagios-3.2.2
nagios-3.2.3
nagios-3.3.1
nagios-3.4.0
nagios-3.4.1
nagios-4.*
nagios-4.0.0
nagios-4.0.0-beta1
nagios-4.0.0-beta2
nagios-4.0.0-beta3
nagios-4.0.0-beta4
nagios-4.0.1
nagios-4.0.2
nagios-4.0.2rc1
nagios-4.0.3
nagios-4.0.3rc1
nagios-4.0.4
nagios-4.0.5
nagios-4.0.6
nagios-4.0.7
nagios-4.0.8
nagios-4.0.8rc1
nagios-4.1.0
nagios-4.1.0rc2
nagios-4.1.1
nagios-4.1.2-Pre1
nagios-4.2.0
nagios-4.2.1
nagios-4.2.2
nagios-4.2.3
nagios-4.3.0
nagios-4.3.1
nagios-4.3.2
nagios-4.3.3
nagios-4.3.4
nagios-4.4.0
nagios-4.4.1
nagios-4.4.2
nagios-4.4.3
nagios-4.4.3rc1
nagios-4.4.4
nagios-4.4.5
release-4.*
release-4.2.3
release-4.2.4
release-4.3.0