CNNVD-202510-4079 Information

CNNVD ID

CNNVD-202510-4079

Related CVE

CVE-2025-34298

• CNNVD Published: 2025-10-30

Description (Chinese)

Nagios Log Server是美国Nagios公司的一套集中式日志管理、监控和分析软件。 Nagios Log Server 2024R1.3.2之前版本存在安全漏洞，该漏洞源于账户邮件更改流程中验证和授权检查不足，可能导致权限提升或绕过访问控制。

Description (English)

Nagios Log Server is a centralized log management, monitoring and analysis software for the United States company Nagios. There was a security loophole in the pre-Nagios Log Server 2024R1.3.2 version, which stemmed from inadequate validation and authorization checks in account mail change processes, which could lead to enhanced privileges or bypass access controls.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Nagios

Published

2025-10-30

Last Modified

2026-02-24

References

https://www.nagios.com/changelog/nagios-log-server-2024r1/ https://www.vulncheck.com/advisories/nagios-log-server-set-email-privilege-escalation

Patch

https://www.nagios.com/products/security/#log-server