📦 Log Server
by Nagios
🔍 What is Log Server?
Description coming soon...
🛡️ Security Overview
Click on a severity to filter vulnerabilities
⚠️ Known Vulnerabilities
Nagios Log Server versions before 2024R2.0.3 run the embedded Logstash process with root privileges, creating a privilege escalation vulnerability. If an attacker compromises Logstash through insecure...
Nagios Log Server versions before 2024R2.0.2 transmit cluster credentials over unencrypted channels even when SSL/TLS is configured, allowing network-positioned attackers to intercept authentication c...
Nagios Log Server before version 2024R1.3.2 allows authenticated users to retrieve cleartext administrative API keys via a specific API endpoint. This vulnerability affects all Nagios Log Server insta...
Nagios Log Server versions before 2026R1.0.1 contain an authenticated command injection vulnerability in the experimental 'Natural Language Queries' feature. Authenticated users with access to Global ...
This CVE describes a local privilege escalation vulnerability in Nagios Log Server where the 'www-data' user can replace root-owned scripts in a writable directory and execute them via sudo without a ...
Nagios Log Server versions before 2024R1.0.2 contain a local privilege escalation vulnerability. An attacker who can execute commands as the Apache web user or backend shell user can escalate privileg...
Nagios Log Server versions before 2024R1 have an incorrect authorization vulnerability where authenticated users without proper API permissions can access API endpoints they shouldn't. This allows non...
A Cross-Site Scripting (XSS) vulnerability in Nagios Log Server v.2024R1.3.1 allows remote attackers to inject malicious scripts via the Email field. This could enable attackers to execute arbitrary c...
Nagios Log Server versions before 2024R2.0.2 expose plaintext AD/LDAP passwords during user import operations. This allows administrators or users with access to import results to view sensitive crede...
Nagios Log Server versions before 2024R2.0.3 have an authorization flaw that lets non-admin users delete global dashboards. This affects all organizations using vulnerable Nagios Log Server instances ...
Nagios Log Server versions before 2.1.14 contain a stored cross-site scripting vulnerability in the Snapshots Page. Attackers can inject malicious scripts into log data that execute in victims' browse...
This cross-site scripting (XSS) vulnerability in Nagios Log Server allows attackers to inject malicious scripts into web pages when users interact with Create User, Edit User, or Manage Host Lists fun...
Nagios Log Server versions before 1.4.2 contain a cross-site scripting vulnerability in the Dashboards section. When viewing log entries in the Logs table, malicious script content from logs can execu...