Vulnerability in Nagios Nagios_xi
CVE-2024-13995
Nagios XI versions prior to 2024R1.1.2 (confirmed in 2024R1.1 and 2024R1.1.1) may disclose sensitive user account information, including API keys and hashed passwords, to authenticated users who should not have access to that data. Exposur…
EPSS: 0.012 (64.0th percentile).
CVSS v3 metric
CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Nagios Nagios_xi — versions 2024
- Nagios Xi — versions 2024R1.1, 2024R1.1.1, 0
Weakness classification (CWE)
References
- disclosure@vulncheck.com (vendor-advisory, patch, Vendor Advisory)
- disclosure@vulncheck.com (release-notes, Release Notes, patch)
- disclosure@vulncheck.com (Third Party Advisory, third-party-advisory)
Frequently asked questions
- What is CVE-2024-13995?
- CVE-2024-13995 is a high-severity vulnerability in Nagios Nagios_xi, classified under Exposure of Sensitive System Information to an Unauthorized Control Sphere. CVSS score: 8.8/10. Published 2025-10-30.
- How severe is CVE-2024-13995?
- High severity. CVSS v3 base score is 8.8 out of 10.