En

Nagios官网安全更新(2021-09-02)

来源:Nagios官网 发布日期:2021-09-02 阅读次数:4861 评论:0

基本信息

发布日期:2021-09-02(官方当地时间)

更新类型:安全更新

更新版本:5.8.6

感知时间:2021-09-03 01:36:50

风险等级:未知

情报贡献:TSRC

更新标题

安全更新

更新详情

Added Stalking Notification and None options to Single Config Option for Bulk Modifications Tool [TPS#15597] -PhW
Updated Bulk Modifications Tool UI to use actual option names, and mirror UI from normal config page -PhW
Updated NagVis component to version 2.0.9 to fix security issue (thanks Scott Tolley from Synopsys Cybersecurity Research Center (CyRC)) -JO
Fixed issue with special characters in Top Alert Producers, State History, and Notifications reports [TPS#15599] -JO
Fixed built in DEV tools, so you can log values and monitor them through the web UI. -PhW
Fixed styling issue on the Check for Updates page when in Modern Dark theme -JO
Fixed command injection security issue during installation of components, wizards, and dashlets in cmdsubsys -JO
Fixed security issue in backend API auth where it was not properly authing the insecure login ticket -JO
Fixed security vulnerability with file permissions for the migrate nagios_unbundler.py script -JO
Fixed SQL injection in the Manage MIBs admin page and Bulk Modifications page -JO
Fixed XSS security vulnerability in Manage My Dashboards page edit dashboard title attribute (thanks Matthew Dunn) (CVE-2021-38156) -JO
Fixed SSRF vulnerability in Scheduld Reprot URL when scheduled pages outside the Nagios XI system
Fixed issue in which deleting a host having an escalation caused an invalid config. -PhW

软件描述

Nagios是一款开源的免费网络监视工具,能有效监控Windows、Linux和Unix的主机状态,交换机路由器等网络设备,打印机等

CVE编号

TSRC分析

暂无

业界资讯

暂无

评论

提交评论 您输入的评论有误,请重新输入