CVE-2020-28911

Medium

Incorrect Access Control in Nagios Fusion 4.1.8 and earlier allows low-privileged authenticated users to extract passwords used to manage…

mitre·CWE-922·Published 2021-05-24

CVSS

6.5

EPSS

0.03

KEV

Exploits

cve.orgen

198 chars

Incorrect Access Control in Nagios Fusion 4.1.8 and earlier allows low-privileged authenticated users to extract passwords used to manage fused servers via the test_server command in ajaxhelper.php.

NVDen

198 chars

Incorrect Access Control in Nagios Fusion 4.1.8 and earlier allows low-privileged authenticated users to extract passwords used to manage fused servers via the test_server command in ajaxhelper.php.

Un Control de Acceso Incorrecto en Nagios Fusion versiones 4.1.8 y anteriores, permite a usuarios autenticados pocos privilegiados extraer las contraseñas usadas para administrar servidores fusionados por medio del comando test_server en el archivo ajaxhelper.php

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	4.0	8.0	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N
3.1	Primary	NVD	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N