
====================================================================

                             CERT-Renater

                 Information Note No. 2020/VULN626
_____________________________________________________________________

DATE                : 13/11/2020

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Nagios XI versions prior to 5.7.5.

=====================================================================
https://www.nagios.com/downloads/nagios-xi/change-log/
_____________________________________________________________________

5.7.5 - 11/12/2020

    Fixed security issues with AngularJS 1.3.9 by upgrading to 1.8.2 -JO
    Fixed various XSS security issues with older version of Bootstrap
     3.3.x by upgrading to 3.4.1 in both Desktop and Mobile -JO
    Fixed mobile redirect when trying to access the rapid response URL
     [TPS#15372] -JO
    Fixed various XSS security vulnerabilities in Manage Users,
     Notification Settings, Agent Management, and Deploy Dashboard pages
     (thanks Namratha) -JO
    Fixed privilege escalation security vulnerability with
     Auto-Discovery php script (thanks Chris Lyne of Tenable) -JO
    Fixed authenticated remote code execution in Auto-Discovery
     component (thanks Shahar Zini and Samir Ghanem from Skylight Cyber
     Security) -JO

    Core Config Manager (CCM) - 3.0.8

    Fixed various XSS security vulnerabilities in overlay and
     notification/check period -JO
    Fixed issue with command escaping in Test Check Command [TPS#15167]
     -JO

=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================



