servicegroup overview not restricted for htaccess users

Jonas Meurer jonas at freesources.org
Sat May 11 13:24:27 CEST 2013


Hello,

On 06.05.2013 10:42, Jonas Meurer wrote:
> I fear that I discovered a security issue in Nagios 3.4.4 status.cgi:

no comments on that?

> All htaccess users, even if not listed in any authorized_for_* config 
> option, have full access to service group overview, summary and grid:
> /nagios/cgi-bin/status.cgi?servicegroup=all&style=overview
> /nagios/cgi-bin/status.cgi?servicegroup=all&style=summary
> /nagios/cgi-bin/status.cgi?servicegroup=all&style=grid
> 
> I hope that this is not intended. Is this issue known?
> 
> Kind regards,
>   jonas
> 
> 
> _______________________________________________
> Nagios-users mailing list
> Nagios-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
> ::: Messages without supporting info will risk being sent to /dev/null
> 
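
One way to audit a web server log for the access described in the quoted report, added here as an example and not part of the original message or of Nagios itself: it lists authenticated users outside every authorized_for_* option who fetched the servicegroup overview, summary or grid. The cgi.cfg fragment, the log lines and the function names are constructed for illustration; authorization through contact definitions is not modelled, and a 200 status only marks a request to review.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample cgi.cfg fragment (not from the original post).
CGI_CFG = """\
authorized_for_system_information=nagiosadmin
authorized_for_all_services=nagiosadmin,oncall
authorized_for_all_hosts=nagiosadmin,oncall
"""

# Constructed Apache combined-format access log lines.
ACCESS_LOG = """\
192.0.2.10 - nagiosadmin [11/May/2013:13:00:01 +0200] "GET /nagios/cgi-bin/status.cgi?servicegroup=all&style=overview HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.22 - guest [11/May/2013:13:02:17 +0200] "GET /nagios/cgi-bin/status.cgi?servicegroup=all&style=grid HTTP/1.1" 200 20480 "-" "Mozilla/5.0"
192.0.2.22 - guest [11/May/2013:13:02:40 +0200] "GET /nagios/cgi-bin/status.cgi?host=all HTTP/1.1" 200 900 "-" "Mozilla/5.0"
192.0.2.31 - - [11/May/2013:13:05:00 +0200] "GET /nagios/cgi-bin/status.cgi?servicegroup=all&style=summary HTTP/1.1" 401 401 "-" "curl/7.29"
"""

LOG_RE = re.compile(r'^(\S+) \S+ (\S+) \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
STYLES = {"overview", "summary", "grid"}

def authorized_users(cfg_text):
    """Collect every user named in any authorized_for_* option."""
    users = set()
    for line in cfg_text.splitlines():
        line = line.strip()  # commented-out options start with '#' and are skipped
        if line.startswith("authorized_for_") and "=" in line:
            users.update(u.strip() for u in line.split("=", 1)[1].split(",") if u.strip())
    return users

def flag_servicegroup_views(log_text, allowed):
    """Return (time, user, ip, style) for servicegroup views by unlisted users."""
    hits = []
    if "*" in allowed:  # '*' in cgi.cfg grants the right to every authenticated user
        return hits
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, user, when, _method, target, status = m.groups()
        url = urlsplit(target)
        query = parse_qs(url.query)
        if not url.path.endswith("/status.cgi") or "servicegroup" not in query:
            continue
        style = query.get("style", [""])[0]
        if status == "200" and style in STYLES and user != "-" and user not in allowed:
            hits.append((when, user, ip, style))
    return hits
```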

