Nagios XI Missing Authorization Vulnerability in Auto-Discovery Component

A missing authorization vulnerability has been identified in the Auto-Discovery feature of Nagios XI, affecting versions prior to 2012R1.6. This vulnerability allows users with read-only roles to access Auto-Discovery endpoints and pages that require elevated permissions. As a result, these users can view discovery results and perform unintended discovery operations.

Impact

Exploitation of this vulnerability could lead to unauthorized access to Auto-Discovery features and data, allowing read-only users to perform actions or view information that should be restricted.

Remediation

Users can upgrade to Nagios XI version 2012R1.6 or later to address this vulnerability.