Information Disclosure in Nagios XI Affects User Data Visibility
CVE-2024-54961

6.5 MEDIUM

Key Information:

Vendor: Nagios

Status
Vendor
CVE Published: 20 February 2025

What is CVE-2024-54961?

Nagios XI version 2024R1.2.2 is susceptible to an information disclosure vulnerability that permits unauthenticated users to gain unauthorized access to several pages. This flaw can potentially expose sensitive user data, including usernames and email addresses of all current users, thereby increasing the risk of phishing attacks and other malicious activities. It is essential for administrators to be aware of this issue to ensure proper security measures are taken.

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
