| Summary: | nagios: web interface vulnerable to Cross-Site Request Forgery attacks | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Jason Shepherd <jshepherd> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED WONTFIX | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | affix, apevec, avibelli, ayoung, chrisw, cvsbot-xmlrpc, gsterlin, jbalunas, jose.p.oliveira.oss, jschluet, jshepherd, kbasil, lhh, linux, lpeer, markmc, mmagr, ondrejj, rbryant, rhs-bugs, rrajasek, sclewis, sgirijan, sisharma, srevivo, ssaha, s, storage-qa-internal, swilkerson, tdecacqu, tkirby, vbellur |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | nagios 4.2.0 | Doc Type: | If docs needed, set a value |
| Doc Text: |
It was found that Nagios was vulnerable to Cross-Site Request Forgery attacks. An attacker could use this flaw to trick an authenticated user into performing unintended actions.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-06-08 02:58:40 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Bug Depends On: | 1377885 | ||
| Bug Blocks: | 1376656 | ||
|
Description
Jason Shepherd
2016-09-16 06:12:09 UTC
Created nagios tracking bugs for this issue: Affects: fedora-all [bug 1377885] Fixed in RHMAP |