Nagios Log Server
17 CVEs affecting Nagios Log Server. Latest disclosed: 2025-11-17. Critical: 4, High: 6.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-44823 | Critical | 9.9 | 2025-10-07 | Nagios Log Server before 2024R1.3.2 allows authenticated users to retrieve cleartext administrative API keys via a /nagioslogserver/index.php/api/system/get_us… |
| CVE-2025-34277 | Critical | 9.8 | 2025-10-30 | Nagios Log Server versions prior to 2024R1.3.1 contain a code injection vulnerability where malformed dashboard ID values are not properly validated before bei… |
| CVE-2025-34274 | Critical | 9.8 | 2025-10-30 | Nagios Log Server versions prior to 2024R2.0.3 contain an execution with unnecessary privileges vulnerability as it runs its embedded Logstash process as the r… |
| CVE-2025-34271 | Critical | 9.8 | 2025-10-30 | Nagios Log Server versions prior to 2024R2.0.2 contain a vulnerability in the cluster manager component when requesting sensitive credentials from peer nodes o… |
| CVE-2025-34298 | High | 8.8 | 2025-10-30 | Nagios Log Server versions prior to 2024R1.3.2 contain a privilege escalation vulnerability in the account email-change workflow. A user could set their own em… |
| CVE-2025-44824 | High | 8.5 | 2025-10-07 | Nagios Log Server before 2024R1.3.2 allows authenticated users (with read-only API access) to stop the Elasticsearch service via a /nagioslogserver/index.php/a… |
| CVE-2023-7322 | High | 8.1 | 2025-10-30 | Nagios Log Server versions prior to 2024R1 contain an incorrect authorization vulnerability. Users who lacked the required API permission were nevertheless abl… |
| CVE-2025-34323 | High | 7.8 | 2025-11-17 | Nagios Log Server versions prior to 2026R1.0.1 are vulnerable to local privilege escalation due to a combination of sudo misconfiguration and group-writable ap… |
| CVE-2024-58273 | High | 7.8 | 2025-10-30 | Nagios Log Server versions prior to 2024R1.0.2 contain a local privilege escalation vulnerability that allows an attacker who could execute commands as the Apa… |
| CVE-2025-34322 | High | 7.2 | 2025-11-17 | Nagios Log Server versions prior to 2026R1.0.1 contain an authenticated command injection vulnerability in the experimental 'Natural Language Queries' feature… |
| CVE-2025-34273 | Medium | 6.5 | 2025-10-30 | Nagios Log Server versions prior to 2024R2.0.3 contain an incorrect authorization vulnerability that allows non-administrator users to delete global dashboards… |
| CVE-2025-34272 | Medium | 6.5 | 2025-10-30 | In Nagios Log Server versions prior to 2024R2.0.3, when a user's configured default dashboard is deleted, the application does not reliably fall back to an emp… |
| CVE-2023-7323 | Medium | 5.4 | 2025-10-30 | Nagios Log Server versions prior to 2024R1 are vulnerable to cross-site scripting (XSS) via the Create User function. Insufficient validation or escaping of us… |
| CVE-2023-7321 | Medium | 5.4 | 2025-10-30 | Nagios Log Server versions prior to 2.1.14 are vulnerable to cross-site scripting (XSS) via the Snapshots Page. Untrusted log content was not safely encoded fo… |
| CVE-2020-36858 | Medium | 5.4 | 2025-10-30 | Nagios Log Server versions prior to 2.1.6 contain cross-site scripting (XSS) vulnerabilities via the web interface on the Create User, Edit User, and Manage Ho… |
| CVE-2016-15049 | Medium | 5.4 | 2025-10-30 | Nagios Log Server versions prior to 1.4.2 are vulnerable to cross-site scripting (XSS) in the Dashboards section when rendering log entries in the Logs table… |
| CVE-2025-34270 | Medium | 4.9 | 2025-10-30 | Nagios Log Server versions prior to 2024R2.0.2 contain a vulnerability in the AD/LDAP user import functionality as it fails to obfuscate the password field dur… |