Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-7322

Nagios Log Server versions prior to 2024R1 contain an incorrect authorization vulnerability. Users who lacked the required API permission were nevertheless able to invoke API endpoints, resulting in unintended access to data and actions exposed via the API. This incorrect authorization check could allow authenticated but non-privileged users to read or modify resources beyond their intended rights.

Published

2025-10-30T22:15:44.200

Last Modified

2025-11-06T16:20:51.270

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 8.1 (HIGH)

Weaknesses

Type: Secondary
CWE-863

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	nagios	log_server	< 2024	Yes

References

https://www.nagios.com/changelog/nagios-log-server-2024r1/ Release Notes ([email protected])
https://www.vulncheck.com/advisories/nagios-log-server-incorrect-authorization-granting-full-api-access Third Party Advisory ([email protected])