RH:CVE-2020-35269 (Red Hat CVE database, redhat.com / access.redhat.com)

CVE-2020-35269

Published: 2020-12-28 15:33:30
Tags: nagios core, csrf, web ui, vulnerability, arbitrary actions, confidentiality, integrity, system availability

CVSS2: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
  Attack Vector: NETWORK
  Attack Complexity: MEDIUM
  Authentication: NONE
  Confidentiality Impact: PARTIAL
  Integrity Impact: PARTIAL
  Availability Impact: PARTIAL

CVSS3: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: REQUIRED
  Scope: UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: HIGH
  Availability Impact: HIGH

EPSS: 0.001 (percentile 31.5%)

A flaw was found in the Nagios Core application, where it is vulnerable to site-wide Cross-Site Request Forgery (CSRF) in many functions, such as adding or deleting hosts or servers. The vulnerability is due to insufficient CSRF protections in the web UI of an affected version. This flaw allows an attacker to persuade a user of the interface to follow a malicious link. A successful exploit allows the attacker to perform arbitrary actions with the privilege level of the affected user. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Note that both CVSS vectors rate Authentication / Privileges Required as NONE: the attacker needs no account on the Nagios instance, because the victim's browser supplies the existing session with the forged request. That is also why User Interaction is REQUIRED, since the logged-in user must open the attacker's link or page.
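To make the flaw class concrete, here is an added example (not Nagios code and not from the advisory): a hypothetical "delete host" handler that authorises on the session cookie alone, next to a hardened version that enforces POST-only, an Origin/Referer check and a per-session synchronizer token. The site origin `https://nagios.example`, the handler names, the `Request` model and the replayed requests are all constructed for this illustration.

```python
"""Added illustration of the class of flaw in CVE-2020-35269: a state-changing
web-UI handler that authorises on the session cookie alone (vulnerable) beside
one that also enforces POST-only, an Origin/Referer check and a per-session
synchronizer token (hardened). Hypothetical handler and site; not Nagios code."""
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlsplit

SITE = "https://nagios.example"          # assumed origin of the monitoring UI
SESSIONS: dict[str, dict] = {}           # session id -> {"user", "csrf"}
HOSTS: set[str] = set()                  # monitored hosts (the state under attack)


@dataclass
class Request:
    """Minimal HTTP request model, constructed for this example."""
    method: str
    headers: dict = field(default_factory=dict)
    cookies: dict = field(default_factory=dict)
    query: str = ""
    body: str = ""


def login(user: str) -> str:
    """Create a session and bind a fresh CSRF token to it."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return sid


def vulnerable_delete_host(req: Request) -> int:
    """Vulnerable: any request carrying a valid session cookie is honoured,
    whether it came from the UI or from a link/form on an attacker's page,
    and parameters are accepted from the query string as well as the body."""
    if req.cookies.get("sid") not in SESSIONS:
        return 401
    host = parse_qs(req.query or req.body).get("host", [None])[0]
    if host is None:
        return 400
    HOSTS.discard(host)
    return 200


def hardened_delete_host(req: Request) -> int:
    """Hardened: same action, but only via POST, only from the site's own
    origin, and only with the token bound to the caller's session."""
    sess = SESSIONS.get(req.cookies.get("sid"))
    if sess is None:
        return 401
    if req.method != "POST":
        return 405                       # a plain link (GET) can never mutate state
    source = req.headers.get("Origin") or req.headers.get("Referer")
    if not source:
        return 403                       # strict: cross-site navigations omit Origin
    if urlsplit(source)[:2] != urlsplit(SITE)[:2]:
        return 403                       # scheme+host must match, not just a prefix
    params = parse_qs(req.body)          # body only; never the query string
    token = params.get("csrf_token", [""])[0]
    if not hmac.compare_digest(token.encode(), sess["csrf"].encode()):
        return 403                       # constant-time compare of the synchronizer token
    host = params.get("host", [None])[0]
    if host is None:
        return 400
    HOSTS.discard(host)
    return 200


def run_scenarios() -> dict[str, tuple[int, bool]]:
    """Replay three requests against each handler, with the victim logged in.
    Returns {"<handler>/<scenario>": (status, host_still_present)}."""
    results = {}
    for name, handler in (("vulnerable", vulnerable_delete_host),
                          ("hardened", hardened_delete_host)):
        SESSIONS.clear()
        sid = login("nagiosadmin")
        token = SESSIONS[sid]["csrf"]
        cookie = {"sid": sid}            # the browser attaches this to every request
        scenarios = {
            # victim follows a malicious link: top-level GET, no Origin header
            "link": Request("GET", {}, cookie, query="host=db01"),
            # auto-submitting form on attacker.example: POST, foreign Origin, no token
            "forged_post": Request("POST", {"Origin": "https://attacker.example"},
                                   cookie, body="host=db01"),
            # the real UI: POST from the site's origin carrying the session's token
            "legit": Request("POST", {"Origin": SITE}, cookie,
                             body=f"host=db01&csrf_token={token}"),
        }
        for label, req in scenarios.items():
            HOSTS.clear()
            HOSTS.add("db01")
            status = handler(req)
            results[f"{name}/{label}"] = (status, "db01" in HOSTS)
    return results


if __name__ == "__main__":
    for key, (status, present) in run_scenarios().items():
        print(f"{key:24} HTTP {status}  db01 still monitored: {present}")
```

The vulnerable handler removes the host for all three requests, including the bare link the advisory describes; the hardened one only accepts the request that came from the UI with the session's own token. Because the advisory calls the issue site-wide, the same token check has to be applied to every state-changing endpoint and the token embedded in every form, not just the one shown; `SameSite` cookie attributes are a useful additional layer but not a substitute for the token.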
