Home > Vulnerability Database > CVE-2020-13977

Mend.io Vulnerability Database

CVE-2020-13977

Date: June 9, 2020

Nagios 4.4.5 allows an attacker, who already has administrative access to change the "URL for JSON CGIs" configuration setting, to modify the Alert Histogram and Trends code via crafted versions of the archivejson.cgi, objectjson.cgi, and statusjson.cgi files. NOTE: this vulnerability has been mistakenly associated with CVE-2020-1408.

Language: C

Severity Score

4.9

Related Resources (13)

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2020-13977

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H7T6MSDWMBJEVVFSOK7DOYJJWDAFQCEQ/

Url: https://github.com/sawolf/nagioscore/tree/url-injection-fix

Url: https://anhtai.me/nagios-core-4-4-5-url-injection/

Url: https://security-tracker.debian.org/tracker/CVE-2020-13977

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-13977

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5P6NHNG2SJAM6DXVTXQH3AOJ4WQVKJUE/

Url: https://www.nagios.org/projects/nagios-core/history/4x/

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JUEIABR4Y6L5J5MZDFWU46ZWXMJO64U3/

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JUEIABR4Y6L5J5MZDFWU46ZWXMJO64U3/

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H7T6MSDWMBJEVVFSOK7DOYJJWDAFQCEQ/

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5P6NHNG2SJAM6DXVTXQH3AOJ4WQVKJUE/

Url: https://www.mend.io/vulnerability-database/CVE-2020-13977

Severity Score

4.9

Weakness Type (CWE)

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-74

CVSS v3.1

Base Score:	4.9
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

CVSS v2

Base Score:	4.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	SINGLE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2020-13977

Date: June 9, 2020

Language: C

Severity Score

Related Resources (13)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?