CVE-2013-2214

Published: Feb 10, 2014Modified: Apr 29, 2026

4.0

Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability: 8.0 / Impact: 2.9

Source: NVD

Description

status.cgi in Nagios 4.0 before 4.0 beta4 and 3.x before 3.5.1 does not properly restrict access to certain users that are a contact for a service, which allows remote authenticated users to obtain sensitive information about hostnames via the servicegroup (1) overview, (2) summary, or (3) grid style in status.cgi. NOTE: this behavior is by design in most 3.x versions, but the upstream vendor "decided to change it for Nagios 4" and 3.5.1.

Affected (39)

Products: Nagios: Nagios

Nagios

1 product

Nagios

Configuration A

39 vulnerable

Vulnerable Software	Affected Versions
Nagios Nagios	Version 3.0.1
Nagios Nagios	Version 3.0.2
Nagios Nagios	Version 3.0.3
Nagios Nagios	Version 3.0.4
Nagios Nagios	Version 3.0.5
Nagios Nagios	Version 3.0.6
Nagios Nagios	Version 3.0
Nagios Nagios	Version 3.0 alpha1
Nagios Nagios	Version 3.0 alpha2
Nagios Nagios	Version 3.0 alpha3
Nagios Nagios	Version 3.0 alpha4
Nagios Nagios	Version 3.0 alpha5
Nagios Nagios	Version 3.0 beta1
Nagios Nagios	Version 3.0 beta2
Nagios Nagios	Version 3.0 beta3
Nagios Nagios	Version 3.0 beta4
Nagios Nagios	Version 3.0 beta5
Nagios Nagios	Version 3.0 beta6
Nagios Nagios	Version 3.0 beta7
Nagios Nagios	Version 3.0 rc1
Nagios Nagios	Version 3.0 rc2
Nagios Nagios	Version 3.0 rc3
Nagios Nagios	Version 3.1.0
Nagios Nagios	Version 3.1.1
Nagios Nagios	Version 3.1.2
Nagios Nagios	Version 3.2.0
Nagios Nagios	Version 3.2.1
Nagios Nagios	Version 3.2.2
Nagios Nagios	Version 3.2.3
Nagios Nagios	Version 3.3.1
Nagios Nagios	Version 3.4.0
Nagios Nagios	Version 3.4.1
Nagios Nagios	Version 3.4.2
Nagios Nagios	Version 3.4.3
Nagios Nagios	Version 3.4.4
Nagios Nagios	Version 3.5.0
Nagios Nagios	Version 4.0.0 beta1
Nagios Nagios	Version 4.0.0 beta2
Nagios Nagios	Version 4.0.0 beta3