CVE-2013-10072

Published: Oct 30, 2025Modified: Nov 6, 2025

7.2

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: disclosure@vulncheck.com (Secondary)

Description

Nagios XI versions prior to 2012R1.6 contain an authorization flaw in the Auto-Discovery functionality. Users with read-only roles could directly reach Auto-Discovery endpoints and pages that should require elevated permissions, exposing discovery results and allowing unintended access to discovery operations.

Affected (7)

Products: Nagios: Nagios Xi

Nagios

1 product

Nagios Xi

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Nagios Nagios Xi	Up to 2011
Nagios Nagios Xi	Version 2012 r1.0
Nagios Nagios Xi	Version 2012 r1.1
Nagios Nagios Xi	Version 2012 r1.2
Nagios Nagios Xi	Version 2012 r1.3
Nagios Nagios Xi	Version 2012 r1.4
Nagios Nagios Xi	Version 2012 r1.5

Related CWEs

CWE-862

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (2)

https://www.nagios.com/changelog/nagios-xi/

Source: disclosure@vulncheck.com

Release Notes

https://www.vulncheck.com/advisories/nagios-xi-auto-discovery-missing-authorization

Source: disclosure@vulncheck.com

Third Party Advisory

Timeline

No history available yet.