CVE-2023-48082

Nagios XI before 2024R1 was discovered to improperly handle API keys generation (randomly-generated), allowing attackers to possibly generate the same set of API keys for all users and utilize them to authenticate.

CVSS

No CVSS.

References

Link	Resource
https://www.nagios.com/change-log/	Release Notes

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:nagios:nagios_xi::::::::
	cpe:2.3:a:nagios:nagios_xi:2014:r1.0::::::
	cpe:2.3:a:nagios:nagios_xi:2014:r1.1::::::
	cpe:2.3:a:nagios:nagios_xi:2014:r1.2::::::
	cpe:2.3:a:nagios:nagios_xi:2014:r1.3::::::
	cpe:2.3:a:nagios:nagios_xi:2014:r1.4::::::
	cpe:2.3:a:nagios:nagios_xi:2014:r2.7::::::
	cpe:2.3:a:nagios:nagios_xi:2014:r2.0::::::
	cpe:2.3:a:nagios:nagios_xi:2014:r2.1::::::
	cpe:2.3:a:nagios:nagios_xi:2014:r2.2::::::
	cpe:2.3:a:nagios:nagios_xi:2014:r2.3::::::
	cpe:2.3:a:nagios:nagios_xi:2014:r2.4::::::
	cpe:2.3:a:nagios:nagios_xi:2014:r2.5::::::
	cpe:2.3:a:nagios:nagios_xi:2014:r2.6::::::

History

10 Jul 2025, 17:06

Type	Values Removed	Values Added
References	~~() https://www.nagios.com/change-log/ -~~	() https://www.nagios.com/change-log/ - Release Notes
First Time		Nagios Nagios nagios Xi
CPE		cpe:2.3:a:nagios:nagios_xi:2014:r1.3:::::: cpe:2.3:a:nagios:nagios_xi:2014:r2.4:::::: cpe:2.3:a:nagios:nagios_xi:2014:r2.5:::::: cpe:2.3:a:nagios:nagios_xi:2014:r1.0:::::: cpe:2.3:a:nagios:nagios_xi:2014:r1.1:::::: cpe:2.3:a:nagios:nagios_xi:2014:r2.7:::::: cpe:2.3:a:nagios:nagios_xi:::::::: cpe:2.3:a:nagios:nagios_xi:2014:r1.4:::::: cpe:2.3:a:nagios:nagios_xi:2014:r2.1:::::: cpe:2.3:a:nagios:nagios_xi:2014:r2.0:::::: cpe:2.3:a:nagios:nagios_xi:2014:r2.2:::::: cpe:2.3:a:nagios:nagios_xi:2014:r2.6:::::: cpe:2.3:a:nagios:nagios_xi:2014:r1.2:::::: cpe:2.3:a:nagios:nagios_xi:2014:r2.3::::::

25 Oct 2024, 17:15

Type	Values Removed	Values Added
Summary	Nagios XI before 5.11.3 2024R1 was discovered to improperly handle API keys generation (randomly-generated), allowing attackers to possibly generate the same set of API keys for all users and utilize them to authenticate.	Nagios XI before 2024R1 was discovered to improperly handle API keys generation (randomly-generated), allowing attackers to possibly generate the same set of API keys for all users and utilize them to authenticate.

14 Oct 2024, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-10-14 19:15

Updated : 2025-07-10 17:06

NVD link : CVE-2023-48082

Mitre link : CVE-2023-48082

JSON object : View

Products Affected

nagios

nagios_xi

CWE

No CWE.

JSON object

Attach tags to CVE-2023-48082

Attach tags to `CVE-2023-48082`