Nagios Log Server Incorrect Authorization Vulnerability Allowing Dashboard Deletion by Non-Administrators

Vulnerability

A vulnerability exists in Nagios Log Server versions prior to 2024R2.0.3, allowing non-administrator users to delete global dashboards. This issue arises from inadequate authorization checks in the dashboard deletion process, enabling lower-privileged users to remove dashboards that impact other users and the overall monitoring interface.

Impact

Exploitation of this vulnerability allows for unauthorized deletion of global dashboards, disrupting the monitoring experience for other users and potentially affecting overall system usability.

Remediation

Users are advised to upgrade to Nagios Log Server version 2024R2.0.3 or later.

Added: Oct 30, 2025, 10:29 PM
Updated: Oct 30, 2025, 10:29 PM

Vulnerability Rating

Custom Algorithm

spread: 1.9
impact: 2.5
exploitability: 5.2
remediation: 7.7
relevance: 0.9
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.