PNP4Nagios 0.6 through 0.6.16 uses world-readable permissions for process_perfdata.cfg, which allows local users to obtain the Gearman shared secret by reading the file.
2012-08-12T00:55:00.810
2025-04-11T00:51:21.963
Deferred
CVSSv2: 2.1 (LOW)
AV:L/AC:L/Au:N/C:P/I:N/A:N
3.9
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | pnp4nagios | pnp4nagios | 0.6.0 | Yes |
| Application | pnp4nagios | pnp4nagios | 0.6.1 | Yes |
| Application | pnp4nagios | pnp4nagios | 0.6.2 | Yes |
| Application | pnp4nagios | pnp4nagios | 0.6.3 | Yes |
| Application | pnp4nagios | pnp4nagios | 0.6.4 | Yes |
| Application | pnp4nagios | pnp4nagios | 0.6.5 | Yes |
| Application | pnp4nagios | pnp4nagios | 0.6.6 | Yes |
| Application | pnp4nagios | pnp4nagios | 0.6.7 | Yes |
| Application | pnp4nagios | pnp4nagios | 0.6.10 | Yes |
| Application | pnp4nagios | pnp4nagios | 0.6.11 | Yes |
| Application | pnp4nagios | pnp4nagios | 0.6.12 | Yes |
| Application | pnp4nagios | pnp4nagios | 0.6.13 | Yes |
| Application | pnp4nagios | pnp4nagios | 0.6.14 | Yes |
| Application | pnp4nagios | pnp4nagios | 0.6.15 | Yes |
| Application | pnp4nagios | pnp4nagios | 0.6.16 | Yes |