CVE-2021-3325

CRITICAL

Monitorix 3.13.0 - Unauthenticated Basic Authentication Bypass

Title source: llm
STIX 2.1

Description

Monitorix 3.13.0 allows remote attackers to bypass Basic Authentication in a default installation (i.e., an installation without a hosts_deny option). This issue occurred because a new access-control feature was introduced without considering that some exiting installations became unsafe, upon an update to 3.13.0, unless the new feature was immediately configured.

References (6)

Core 6
Core References
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/mikaku/Monitorix/issues/309
Patch, Third Party Advisory x_refsource_misc
https://github.com/mikaku/Monitorix/compare/v3.13.0...v3.13.1
Release Notes, Vendor Advisory x_refsource_confirm
https://www.monitorix.org/news.html?n=20210127

Scores

CVSS v3 9.8
EPSS 0.0223
EPSS Percentile 80.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Status published
Products (3)
fedoraproject/fedora 32
fedoraproject/fedora 33
fibranet/monitorix 3.13.0
Published Jan 27, 2021
Tracked Since Feb 18, 2026