CVE-2023-7322 — HIGH (8.1) — White Hats Nepal

Q: How severe is CVE-2023-7322?

CVE-2023-7322 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-7322?

Check the references section above for vendor advisories and patch information. Affected products include: Nagios Log Server.

Vulnerability Description

Nagios Log Server versions prior to 2024R1 contain an incorrect authorization vulnerability. Users who lacked the required API permission were nevertheless able to invoke API endpoints, resulting in unintended access to data and actions exposed via the API. This incorrect authorization check could allow authenticated but non-privileged users to read or modify resources beyond their intended rights.

CVSS Score

8.1

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Nagios	Log Server	< 2024

Related Weaknesses (CWE)

CWE-863

References

https://www.nagios.com/changelog/nagios-log-server-2024r1/Release Notes
https://www.vulncheck.com/advisories/nagios-log-server-incorrect-authorization-gThird Party Advisory

FAQ

What is CVE-2023-7322?

CVE-2023-7322 is a vulnerability with a CVSS score of 8.1 (HIGH). Nagios Log Server versions prior to 2024R1 contain an incorrect authorization vulnerability. Users who lacked the required API permission were nevertheless able to invoke API endpoints, resulting in u...

How severe is CVE-2023-7322?

CVE-2023-7322 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-7322?

Check the references section above for vendor advisories and patch information. Affected products include: Nagios Log Server.