CVE-2013-4214 — Link Following in Nagios

CWE-59 — Link Following CWE-377 — Insecure Temporary File7 documents5 sources

Severity

6.3MEDIUMNVD

EPSS

0.0%

top 85.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nagios Redhat Openstack

Timeline

PublishedNov 23

Latest updateMay 17

Description

rss-newsfeed.php in Nagios Core 3.4.4, 3.5.1, and earlier, when MAGPIE_CACHE_ON is set to 1, allows local users to overwrite arbitrary files via a symlink attack on /tmp/magpie_cache.

CVSS vector

AV:L/AC:M/C:N/I:C/A:CExploitability: 3.4 | Impact: 9.2

Affected Packages2 packages

▶NVDnagios/nagios3.5.1+1

▶NVDredhat/openstack3.0

🔴Vulnerability Details

GHSA

GHSA-hp8w-x4cg-7866: rss-newsfeed↗2022-05-17

▶

CVEList

CVE-2013-4214: rss-newsfeed↗2013-11-23

▶

📋Vendor Advisories

Red Hat

core: html/rss-newsfeed.php insecure temporary file usage↗2013-08-07

▶

💬Community

Bugzilla

CVE-2013-4214 nagios: Nagios core: html/rss-newsfeed.php insecure temporary file usage [fedora-all]↗2013-08-08

▶

Bugzilla

CVE-2013-4214 nagios: Nagios core: html/rss-newsfeed.php insecure temporary file usage [epel-6]↗2013-08-08

▶

Bugzilla

CVE-2013-4214 Nagios core: html/rss-newsfeed.php insecure temporary file usage↗2013-04-30

▶