Open carnil opened 3 years ago
It looks like we received information from the author on this, but never heard about the CVE number. @sawolf can you please provide any relevant information?
Hi, is there a fix for CVE-2020-35269? If so, in what commit?
Thanks in advance!
Hi,
Sorry for the late response - the vulnerabilities were released while I was on holiday (the researcher didn't give us a release timeline).
The fix for this is to implement CSRF protection - I'll have the fix for this and his other issue (no session expiration) available for you in a couple days hopefully.
Thanks!
Hi @carnil and @OrenSavichWS,
I spent a bit more time looking at CVE-2020-35269, and it seems I made a mistake when reproducing the vulnerability. The issue isn't with our CSRF protection; it's instead due to the Core CGIs using HTTP by default, so that someone sniffing the requests can see CSRF tokens in plaintext.
You can mitigate this on your own servers by changing your Apache configuration (the default location is /etc/httpd/conf.d/nagios.conf) to include SSL protection for both /nagios and /nagios/cgi-bin. I'll be updating the default configuration in the near future.
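Added example, not part of the thread and not Nagios project code: a small audit that checks whether the Apache blocks serving /nagios and /nagios/cgi-bin carry an active (uncommented) `SSLRequireSSL` directive. It assumes "SSL protection" is implemented with mod_ssl's `SSLRequireSSL`; the sample config and its filesystem paths are constructed for illustration.

```python
import re

# Constructed sample config; the filesystem paths are assumptions, not from the thread.
SAMPLE_CONF = '''\
ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"
<Directory "/usr/local/nagios/sbin">
#  SSLRequireSSL
   Options ExecCGI
</Directory>
Alias /nagios "/usr/local/nagios/share"
<Directory "/usr/local/nagios/share">
   SSLRequireSSL
   Options None
</Directory>
'''

OPEN_RE = re.compile(r'^<(Directory|Location)\s+"?([^">]+)"?\s*>$', re.I)
CLOSE_RE = re.compile(r'^</(Directory|Location)\s*>$', re.I)
ALIAS_RE = re.compile(r'^(?:Script)?Alias\s+(\S+)\s+"?([^"\s]+)"?$', re.I)


def audit(conf_text):
    """Return {url_path: bool}; True when the block serving that path requires SSL."""
    aliases, ssl_required, current = {}, {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith('#'):
            continue  # a commented-out SSLRequireSSL gives no protection
        if m := ALIAS_RE.match(line):
            aliases[m.group(2).rstrip('/')] = m.group(1).rstrip('/')
        elif m := OPEN_RE.match(line):
            current = m.group(2).strip().rstrip('/')
            ssl_required[current] = False
        elif CLOSE_RE.match(line):
            current = None
        elif current and line.split()[0].lower() == 'sslrequiressl':
            ssl_required[current] = True
    # Directory blocks are reported under their aliased URL; Location targets are URLs already.
    return {aliases.get(t, t): ok for t, ok in ssl_required.items()}


def unprotected(conf_text, required=('/nagios', '/nagios/cgi-bin')):
    """List the required URL paths that lack an active SSLRequireSSL."""
    found = audit(conf_text)
    return [p for p in required if not found.get(p, False)]
```

The check covers only the directive itself: the server still needs a working HTTPS virtual host, and nested blocks or `Include`d files are not followed.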
Hi
Checking through newly assigned CVEs today we noticed CVE-2020-35269. Unfortunately there is only the following description
And as reference only https://gist.github.com/MoSalah20/d1d40b43eafba0bd22ee4cddecad3cbc.
Is that something you know already and is this issue fixed already?
The information in the CVE is more than vague.
Thank you already.