Nagios XI API Key Disclosure Vulnerability in Neptune Themes

Vulnerability

A vulnerability exists in Nagios XI versions prior to 2024R1.4.2, where API keys were inadvertently exposed to users without API access. This issue arises specifically when Neptune themes are in use. An authenticated user lacking API privileges could view their own API key or that of another user.

Impact

According to Nagios, this vulnerability allows unauthorized users to access sensitive API key information, which could be exploited to gain unauthorized API access.

Reproduction

To reproduce this vulnerability, log into Nagios XI with an account that does not have API privileges. Navigate to a page that uses the Neptune theme. The API key will be visible in the 'Account Information' section.

Remediation

Users can upgrade to Nagios XI version 2024R1.4.2 or later, where this vulnerability has been fixed.
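To find instances that still need the upgrade, the version strings from an inventory can be compared against the fixed release. The following is an added example, not code from Nagios or from this advisory; the helper names, the legacy dotted format, and the sample inventory are assumptions. It flags by version only, so whether Neptune themes are in use has to be checked separately.

```python
import re

FIXED = "2024R1.4.2"  # first fixed release named in the advisory

# Year-based scheme as written in the advisory: <year>R<release>[.<minor>[.<patch>]]
_YEAR_RE = re.compile(r"^(\d{4})R(\d+)((?:\.\d+)*)$", re.IGNORECASE)
# Assumption: older installs report a plain dotted version such as 5.11.3
_LEGACY_RE = re.compile(r"^\d+(?:\.\d+)*$")

def version_key(version: str) -> tuple:
    """Return a tuple that sorts in release order."""
    v = version.strip()
    m = _YEAR_RE.match(v)
    if m:
        year, release, rest = m.groups()
        tail = [int(p) for p in rest.split(".") if p]
        tail += [0] * (2 - len(tail))  # treat 2024R1 as 2024R1.0.0
        return (1, int(year), int(release), *tail)
    if _LEGACY_RE.match(v):
        # Assumption: every legacy dotted version predates the year-based scheme
        return (0, *(int(p) for p in v.split(".")))
    raise ValueError(f"unrecognized version string: {version!r}")

def is_affected(version: str) -> bool:
    return version_key(version) < version_key(FIXED)

def triage(inventory: dict) -> dict:
    """Map each host to 'affected', 'fixed' or 'unknown'."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = "affected" if is_affected(version) else "fixed"
        except ValueError:
            result[host] = "unknown"  # review by hand, do not assume fixed
    return result

# Constructed inventory: hostnames and version strings are made up for the example
SAMPLE = {
    "xi-lab-01": "5.11.3",
    "xi-lab-02": "2024R1.4.1",
    "xi-lab-03": "2024R1.4.2",
    "xi-lab-04": "2024R1.10",      # a plain string compare ranks this below 2024R1.4.2
    "xi-lab-05": "not-reported",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}  {SAMPLE[host]:<12}  {status}")
```

Comparing the raw strings would misorder multi-digit components, which is why the versions are parsed into integer tuples first.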

Added: Oct 30, 2025, 10:24 PM
Updated: Oct 30, 2025, 10:24 PM

Vulnerability Rating

Custom Algorithm

spread: 5.0
impact: 2.5
exploitability: 5.6
remediation: 7.7
relevance: 0.8
threat: 1.6
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.