← Back

CVE-2023-48082

nvd nist
Published: Oct 14, 2024Modified: Jul 10, 2025

JSON object

Loading...
9.1
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Exploitability: 3.9 / Impact: 5.2
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Nagios XI before 2024R1 was discovered to improperly handle API keys generation (randomly-generated), allowing attackers to possibly generate the same set of API keys for all users and utilize them to authenticate.

Affected (14)

Products: Nagios: Nagios Xi
Nagios
1 product
Nagios Xi
Configuration A
14 vulnerable
Vulnerable SoftwareAffected Versions
Nagios
Nagios Xi
Before 2014
Nagios Xi
Version 2014 r1.0
Nagios Xi
Version 2014 r1.1
Nagios Xi
Version 2014 r1.2
Nagios Xi
Version 2014 r1.3
Nagios Xi
Version 2014 r1.4
Nagios Xi
Version 2014 r2.0
Nagios Xi
Version 2014 r2.1
Nagios Xi
Version 2014 r2.2
Nagios Xi
Version 2014 r2.3
Nagios Xi
Version 2014 r2.4
Nagios Xi
Version 2014 r2.5
Nagios Xi
Version 2014 r2.6
Nagios Xi
Version 2014 r2.7

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (1)

Source: cve@mitre.org
Release Notes

Timeline

No history available yet.