Hello Andreas,
Am 12.05.2013 11:25, schrieb Andreas Ericsson:
> On 2013-05-06 10:42, Jonas Meurer wrote:
>> Hello,
>>
>> I fear that I discovered a security issue in Nagios 3.4.4
>> status.cgi:
>>
>> All htaccess users, even if not listed in any authorized_for_*
>> config
>> option, have full ac
On 2013-05-06 10:42, Jonas Meurer wrote:
> Hello,
>
> I fear that I discovered a security issue in Nagios 3.4.4 status.cgi:
>
> All htaccess users, even if not listed in any authorized_for_* config
> option, have full access to service group overview, summary and grid:
> /nagios/cgi-bin/status.cgi?
Hello,
Am 06.05.2013 10:42, schrieb Jonas Meurer:
> I fear that I discovered a security issue in Nagios 3.4.4 status.cgi:
no comments on that?
> All htaccess users, even if not listed in any authorized_for_* config
> option, have full access to service group overview, summary and grid:
> /nagio
