CVE-2023-7322
HIGH
Nagios Log Server < 2024 - Incorrect Authorization Granting Full API Access
Title source: llm
Description
Nagios Log Server versions prior to 2024R1 contain an incorrect authorization vulnerability. Users who lacked the required API permission were nevertheless able to invoke API endpoints, resulting in unintended access to data and actions exposed via the API. This incorrect authorization check could allow authenticated but non-privileged users to read or modify resources beyond their intended rights.
References (2)
Core References
Release Notes release-notes
patch
https://www.nagios.com/changelog/nagios-log-server-2024r1/
Third Party Advisory third-party-advisory
https://www.vulncheck.com/advisories/nagios-log-server-incorrect-authorization-granting-full-api-access
Scores
CVSS v3: 8.1
EPSS: 0.0024
EPSS Percentile: 47.3%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: yes
Technical Impact: total
Details
CWE: CWE-863
Status: published
Products (1): nagios/log_server < 2024
Published: Oct 30, 2025
Tracked Since: Feb 18, 2026