Vulnerability Description
Monitorix 3.13.0 allows remote attackers to bypass Basic Authentication in a default installation (i.e., an installation without a hosts_deny option). This issue occurred because a new access-control feature was introduced without considering that some existing installations became unsafe upon an update to 3.13.0 unless the new feature was immediately configured.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fibranet | Monitorix | 3.13.0 |
| Fedoraproject | Fedora | 32 |
References
- https://github.com/mikaku/Monitorix/commit/d6816e20da1a98bcdc6372d9c36a093df5238 (Patch, Third Party Advisory)
- https://github.com/mikaku/Monitorix/compare/v3.13.0...v3.13.1 (Patch, Third Party Advisory)
- https://github.com/mikaku/Monitorix/issues/309 (Exploit, Issue Tracking, Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://www.monitorix.org/news.html?n=20210127 (Release Notes, Vendor Advisory)
FAQ
What is CVE-2021-3325?
CVE-2021-3325 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Monitorix 3.13.0 allows remote attackers to bypass Basic Authentication in a default installation (i.e., an installation without a hosts_deny option). This issue occurred because a new access-control ...
How severe is CVE-2021-3325?
CVE-2021-3325 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-3325?
Check the references section above for vendor advisories and patch information. Affected products include: Fibranet Monitorix, Fedoraproject Fedora.