====================================================================

                             CERT-Renater

                 Note d'Information No. 2021/VULN198
_____________________________________________________________________

DATE                : 02/04/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Nagios versions prior to 5.8.3.

=====================================================================
https://www.nagios.com/downloads/nagios-xi/change-log/
_____________________________________________________________________

5.8.3 - 03/31/2021

    Updated jQuery to version 3.6.0 to fix minor issues -JO

    Updated email validation to require RFC 822 valid email addresses to
fix possible security vulnerabilities -JO

    Fixed install process on Oracle Linux 8 due to mod_php being used
instead of php-fpm like CentOS/RHEL -JO

    Fixed config/ endpoints to properly display array of contacts (and
other objects) when using append (+) in config [TPS#15509] -JO

    Fixed argument quoting in mysqlrepair and restore_xi scripts -DC,JO

    Fixed issue with Scheduled Backups sending local backup success
email with SSH or FTP emails [TPS#15501] -JO

    Fixed API help/example PUT config calls not working properly due to
space not being url encoded [TPS#15505] -JO

    Fixed XSS vulnerability in user Email Address field when on Send
Test Notification page -JO

    Fixed possible RCE vulnerability via Email Address not being
properly validated (CVE-2020-24899) -JO

    Fixed scheduled reports jobs not changing with username change
[TPS#15502] -JO

    Fixed issue where masquerade button in the Manage Users page wasn't
working on some OS/PHP versions -JO

    Fixed issues with MIB integration after upgrading to SNMPTT 1.4.2
[TPS#15376] -SAW

    Fixed issues with Undo Trap Processing button [TPS#15500] -SAW

    Fixed issue with downgraded ndo2db systems where limited users would
not properly load data due to is_ndo_loaded failing -JO


=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================