CVE-2024-54961

Published: Feb 20, 2025Modified: Jun 18, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Exploitability: 3.9 / Impact: 2.5

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Nagios XI 2024R1.2.2 has an Information Disclosure vulnerability, which allows unauthenticated users to access multiple pages displaying the usernames and email addresses of all current users.

Affected (1)

Products: Nagios: Nagios Xi

Nagios

1 product

Nagios Xi

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Nagios Nagios Xi	Version 2024 r1.2.2

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (1)

https://github.com/Sharpe-nl/CVEs/tree/main/CVE-2024-54961

Source: cve@mitre.org

Third Party Advisory

Timeline

No history available yet.