CVE-2021-3325
Published 2021-01-27
Priority: P2 · 61 · critical · CVSS 3.1 base score 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.23% (80.5th percentile)
Monitorix 3.13.0 allows remote attackers to bypass Basic Authentication in a default installation (i.e., an installation without a hosts_deny option). This issue occurred because a new access-control feature was introduced without considering that some existing installations became unsafe upon an update to 3.13.0 unless the new feature was immediately configured.
Affected (4 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fibranet | monitorix | — | — |
| fibranet | monitorix | >= 0 < 3.12.0-1 | 3.12.0-1 |
CVSS provenance
- NVD, CVSS v3.1: 9.8 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
- NVD, CVSS v2.0: 7.5 HIGH (AV:N/AC:L/Au:N/C:P/I:P/A:P)
- OSV: 9.8 CRITICAL
GHSA
GHSA-3r2m-6v2h-6jqr (unreviewed, 2022-05-24): CVE-2021-3325, CRITICAL, CWE-287. Same description as above.
OSV
CVE-2021-3325 (2021-01-27, CVSS 9.8, CRITICAL). Same description as above.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
- https://github.com/mikaku/Monitorix/commit/d6816e20da1a98bcdc6372d9c36a093df5238f4a
- https://github.com/mikaku/Monitorix/compare/v3.13.0...v3.13.1
- https://github.com/mikaku/Monitorix/issues/309
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/67DDUU56LP76AJ2K7WJ733QPL2FHKKNG/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGG6WK44CYY6GEFRTCUEDANVNSX5NDH7/
- https://www.monitorix.org/news.html?n=20210127