Cross-Site Request Forgery Vulnerability in Nagios XI by Nagios Enterprises
CVE-2024-54959

6.1MEDIUM

Key Information:

Vendor: Nagios Enterprises
Status: Nagios XI
Vendor: CVE Published:; 20 February 2025

🔔 Create Nagios Enterprises Vulnerability Alert

What is CVE-2024-54959?

Nagios XI version 2024R1.2.2 has a vulnerability that allows attackers to perform Cross-Site Request Forgery (CSRF) through the Favorites component. This weakness can potentially enable unauthorized actions to be executed by users without their consent, making it susceptible to POST-based Cross-Site Scripting (XSS) attacks. As a result, malicious actors could exploit this vulnerability to affect user sessions and compromise sensitive information.

References

https://github.com/Sharpe-nl/CVEs/tree/main/CVE-2024-54959

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 20, 2025
Vulnerability Reserved
Dec 6, 2024