fkie_nvd - fkie_cve-2013-2214

fkie_cve-2013-2214

Vulnerability from fkie_nvd

Published

2014-02-10 23:55

Modified

2025-04-11 00:51

Severity ?

Summary

status.cgi in Nagios 4.0 before 4.0 beta4 and 3.x before 3.5.1 does not properly restrict access to certain users that are a contact for a service, which allows remote authenticated users to obtain sensitive information about hostnames via the servicegroup (1) overview, (2) summary, or (3) grid style in status.cgi. NOTE: this behavior is by design in most 3.x versions, but the upstream vendor "decided to change it for Nagios 4" and 3.5.1.

References

URL	Tags
secalert@redhat.com	http://lists.opensuse.org/opensuse-updates/2013-07/msg00029.html
secalert@redhat.com	http://lists.opensuse.org/opensuse-updates/2013-07/msg00031.html
secalert@redhat.com	http://seclists.org/oss-sec/2013/q2/619
secalert@redhat.com	http://seclists.org/oss-sec/2013/q2/622
secalert@redhat.com	http://tracker.nagios.org/view.php?id=456	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-updates/2013-07/msg00029.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-updates/2013-07/msg00031.html
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/oss-sec/2013/q2/619
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/oss-sec/2013/q2/622
af854a3a-2127-422b-91ae-364da2661108	http://tracker.nagios.org/view.php?id=456	Vendor Advisory

Impacted products

Vendor	Product	Version
nagios	nagios	3.0
nagios	nagios	3.0
nagios	nagios	3.0
nagios	nagios	3.0
nagios	nagios	3.0
nagios	nagios	3.0
nagios	nagios	3.0
nagios	nagios	3.0
nagios	nagios	3.0
nagios	nagios	3.0
nagios	nagios	3.0
nagios	nagios	3.0
nagios	nagios	3.0
nagios	nagios	3.0
nagios	nagios	3.0
nagios	nagios	3.0
nagios	nagios	3.0.1
nagios	nagios	3.0.2
nagios	nagios	3.0.3
nagios	nagios	3.0.4
nagios	nagios	3.0.5
nagios	nagios	3.0.6
nagios	nagios	3.1.0
nagios	nagios	3.1.1
nagios	nagios	3.1.2
nagios	nagios	3.2.0
nagios	nagios	3.2.1
nagios	nagios	3.2.2
nagios	nagios	3.2.3
nagios	nagios	3.3.1
nagios	nagios	3.4.0
nagios	nagios	3.4.1
nagios	nagios	3.4.2
nagios	nagios	3.4.3
nagios	nagios	3.4.4
nagios	nagios	3.5.0
nagios	nagios	4.0.0
nagios	nagios	4.0.0
nagios	nagios	4.0.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nagios:nagios:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDCA77EF-1020-4068-9CDC-5CF3B0CD66A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nagios:nagios:3.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "751C46D5-877F-454B-8488-BBCA10CA4930",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nagios:nagios:3.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "F4754494-17BE-496E-A7B8-453B3028CC45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nagios:nagios:3.0:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "CD15E8FA-04D3-4625-BEA5-9F5CC0337699",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nagios:nagios:3.0:alpha4:*:*:*:*:*:*",
              "matchCriteriaId": "713C5F3E-AA57-4F52-AC0A-9B1F25C25580",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nagios:nagios:3.0:alpha5:*:*:*:*:*:*",
              "matchCriteriaId": "690EA084-9E58-4226-B490-2969E6C6BEBC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nagios:nagios:3.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "0AFABA9F-4A45-4150-AED1-897267076A32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nagios:nagios:3.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "830BB564-82FD-4519-A8EA-DCDF74F2BC54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nagios:nagios:3.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "9A975310-9591-4EBF-B987-CA43433B4C54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nagios:nagios:3.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "8653D6A2-4B5B-4F1D-A898-8F81F29C6FC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nagios:nagios:3.0:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "D18649FF-8838-432E-93B8-3F8B82B0DEA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nagios:nagios:3.0:beta6:*:*:*:*:*:*",
              "matchCriteriaId": "9375EA90-0763-4817-8C7D-2D7E116E043F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nagios:nagios:3.0:beta7:*:*:*:*:*:*",
              "matchCriteriaId": "C02C2F95-2AC2-4E0C-B5D0-785CDF1EDB85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nagios:nagios:3.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "12E7BC34-65F0-4DD6-8809-F05320955479",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nagios:nagios:3.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "390CFA92-68AE-4DE9-A199-1B7290A82168",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nagios:nagios:3.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "1E56F249-3E6A-4764-8CAE-D3E5B6A86AB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nagios:nagios:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "953745B7-1381-47F5-8012-E699EFA065CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nagios:nagios:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "87A8A3DA-61AF-4369-ACB0-7D54EEB1DAA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nagios:nagios:3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "40B7525F-EEE1-4537-BCE6-15DF3E348FEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nagios:nagios:3.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B831C72-C932-4B8C-8B16-C3BC2672AF98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nagios:nagios:3.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC5BB3C9-BBC6-43D8-830A-38020F50B148",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nagios:nagios:3.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC9E1C24-9907-44F4-9166-5C679F05DF12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nagios:nagios:3.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8BE6777-6CA9-443E-A2A5-CCD3ED7EAECF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nagios:nagios:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F8F3B76-7443-437E-B908-95D0EF0214C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nagios:nagios:3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF23E8B9-6F07-471A-8332-E6B35DFCE37A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nagios:nagios:3.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EEFF0B7-60B4-4022-9EF5-101B707BAC6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nagios:nagios:3.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BC14996-78F9-4A95-9750-1229E57C19C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nagios:nagios:3.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4C3195A-7B72-45BA-8F83-6B0FE00D3B8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nagios:nagios:3.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4584E0CD-A0F9-4AD1-ACC5-800E38F5DD59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nagios:nagios:3.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "166D983D-2D1B-45D4-8ACF-68ED11BBF5BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nagios:nagios:3.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "68D2FFFD-9A12-4230-90F6-AC5E3676FD04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nagios:nagios:3.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "21A1C2E3-9E5C-4F00-8393-33DAC6765332",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nagios:nagios:3.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2C8C695-EBA7-4FD0-BBD0-F339757559EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nagios:nagios:3.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B06E7504-A5C5-42F3-B325-EE9905A9783A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nagios:nagios:3.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B555161-CF36-47FE-BDAA-C45E8C4B0E33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nagios:nagios:3.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1497A778-52F2-4558-B0B4-833FB8D76036",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nagios:nagios:4.0.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "834089CF-70FA-4785-9CE0-01CCD5707C19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nagios:nagios:4.0.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "E610186F-91AC-41A6-AC3F-DBFF8EC17316",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nagios:nagios:4.0.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "F8911118-ABD8-4698-9E2D-80059F3A5B32",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "status.cgi in Nagios 4.0 before 4.0 beta4 and 3.x before 3.5.1 does not properly restrict access to certain users that are a contact for a service, which allows remote authenticated users to obtain sensitive information about hostnames via the servicegroup (1) overview, (2) summary, or (3) grid style in status.cgi.  NOTE: this behavior is by design in most 3.x versions, but the upstream vendor \"decided to change it for Nagios 4\" and 3.5.1."
    },
    {
      "lang": "es",
      "value": "status.cgi en Nagios 4.0 anterior a 4.0 beta4 y 3.x anterior a 3.5.1 no restringe adecuadamente el acceso a ciertos usuarios que son un contacto para un servicio, lo que permite a usuarios remotos autenticados obtener informaci\u00f3n sensible sobre nombres de host a trav\u00e9s del Servicegroup (1) Overview, (2) Summary o (3) Grid Style en status.cgi.  NOTA: esta conducta es por dise\u00f1o en la mayor\u00eda de las versiones 3.x, no obstante el fabricante \"decidi\u00f3 cambiarlo por Nagios 4\" y 3.5.1."
    }
  ],
  "id": "CVE-2013-2214",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-02-10T23:55:04.963",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00029.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00031.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://seclists.org/oss-sec/2013/q2/619"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://seclists.org/oss-sec/2013/q2/622"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tracker.nagios.org/view.php?id=456"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00029.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00031.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/oss-sec/2013/q2/619"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/oss-sec/2013/q2/622"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tracker.nagios.org/view.php?id=456"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2013-2214 (GCVE-0-2013-2214)

Vulnerability from cvelistv5

Published

2014-02-10 23:00