DLA-4149-1

Details

CVE-2024-13722 CVE-2024-13723 CVE-2024-47093

Multiple vulnerabilities were discovered in nagvis, a visualization addon for Nagios or Icinga.

CVE-2021-33178

Due to an authenticated path traversal vulnerability, a malicious actor has the ability to arbitrarily delete files on the local system.

CVE-2022-3979

Due to a type juggling vulnerability, a remote attacker could successfully guess an authentication cookie.

CVE-2022-46945

An attacker can read arbitrary files.

CVE-2023-46287

A XSS vulnerability exists in a function.

CVE-2024-13722 / CVE-2024-47093

Multiple XSS vulnerabilities exist.

CVE-2024-13723 / CVE-2024-47093

Multiple RCE vulnerabilities exist. An authenticated attacker with administrative level privileges is able to upload a malicious PHP file and modify specific settings to execute the contents of the file as PHP.

Affected Packages

nagvis

Debian 11

Fixed in:

1:1.9.25-2+deb11u1

References

ADVISORY

https://security-tracker.debian.org/tracker/DLA-4149-1