Nagios Log Server

17 CVEs affecting Nagios Log Server. Latest disclosed: 2025-11-17. Critical: 4, High: 6.

Top CVEs affecting Nagios Log Server
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-44823 | Critical | 9.9 | 2025-10-07 | Nagios Log Server before 2024R1.3.2 allows authenticated users to retrieve cleartext administrative API keys via a /nagioslogserver/index.php/api/system/get_us… |
| CVE-2025-34277 | Critical | 9.8 | 2025-10-30 | Nagios Log Server versions prior to 2024R1.3.1 contain a code injection vulnerability where malformed dashboard ID values are not properly validated before bei… |
| CVE-2025-34274 | Critical | 9.8 | 2025-10-30 | Nagios Log Server versions prior to 2024R2.0.3 contain an execution with unnecessary privileges vulnerability as it runs its embedded Logstash process as the r… |
| CVE-2025-34271 | Critical | 9.8 | 2025-10-30 | Nagios Log Server versions prior to 2024R2.0.2 contain a vulnerability in the cluster manager component when requesting sensitive credentials from peer nodes o… |
| CVE-2025-34298 | High | 8.8 | 2025-10-30 | Nagios Log Server versions prior to 2024R1.3.2 contain a privilege escalation vulnerability in the account email-change workflow. A user could set their own em… |
| CVE-2025-44824 | High | 8.5 | 2025-10-07 | Nagios Log Server before 2024R1.3.2 allows authenticated users (with read-only API access) to stop the Elasticsearch service via a /nagioslogserver/index.php/a… |
| CVE-2023-7322 | High | 8.1 | 2025-10-30 | Nagios Log Server versions prior to 2024R1 contain an incorrect authorization vulnerability. Users who lacked the required API permission were nevertheless abl… |
| CVE-2025-34323 | High | 7.8 | 2025-11-17 | Nagios Log Server versions prior to 2026R1.0.1 are vulnerable to local privilege escalation due to a combination of sudo misconfiguration and group-writable ap… |
| CVE-2024-58273 | High | 7.8 | 2025-10-30 | Nagios Log Server versions prior to 2024R1.0.2 contain a local privilege escalation vulnerability that allows an attacker who could execute commands as the Apa… |
| CVE-2025-34322 | High | 7.2 | 2025-11-17 | Nagios Log Server versions prior to 2026R1.0.1 contain an authenticated command injection vulnerability in the experimental 'Natural Language Queries' feature… |
| CVE-2025-34273 | Medium | 6.5 | 2025-10-30 | Nagios Log Server versions prior to 2024R2.0.3 contain an incorrect authorization vulnerability that allows non-administrator users to delete global dashboards… |
| CVE-2025-34272 | Medium | 6.5 | 2025-10-30 | In Nagios Log Server versions prior to 2024R2.0.3, when a user's configured default dashboard is deleted, the application does not reliably fall back to an emp… |
| CVE-2023-7323 | Medium | 5.4 | 2025-10-30 | Nagios Log Server versions prior to 2024R1 are vulnerable to cross-site scripting (XSS) via the Create User function. Insufficient validation or escaping of us… |
| CVE-2023-7321 | Medium | 5.4 | 2025-10-30 | Nagios Log Server versions prior to 2.1.14 are vulnerable to cross-site scripting (XSS) via the Snapshots Page. Untrusted log content was not safely encoded fo… |
| CVE-2020-36858 | Medium | 5.4 | 2025-10-30 | Nagios Log Server versions prior to 2.1.6 contain cross-site scripting (XSS) vulnerabilities via the web interface on the Create User, Edit User, and Manage Ho… |
| CVE-2016-15049 | Medium | 5.4 | 2025-10-30 | Nagios Log Server versions prior to 1.4.2 are vulnerable to cross-site scripting (XSS) in the Dashboards section when rendering log entries in the Logs table… |
| CVE-2025-34270 | Medium | 4.9 | 2025-10-30 | Nagios Log Server versions prior to 2024R2.0.2 contain a vulnerability in the AD/LDAP user import functionality as it fails to obfuscate the password field dur… |