
====================================================================

                             CERT-Renater

                 Information Note No. 2021/VULN316
_____________________________________________________________________

DATE                : 11/06/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Nagios XI versions prior to 5.8.4.

=====================================================================
https://www.nagios.com/downloads/nagios-xi/change-log/
_____________________________________________________________________

 5.8.4 - 06/10/2021

    Updated getprofile.sh to delete a new profile's folder before
        generating contents -JO
    Fixed install on newer Debian 9 systems due to default pip version
        [TPS#15535] -JO
    Fixed issues with logrotate -JO,DC
    Fixed getprofile.sh db_host value to properly pull from
        config.inc.php -JO,DC
    Fixed vulnerability in getprofile.sh not clearing directory before
        creating profile -JO
    Fixed restore_xi.sh using relative directory path -JO,DC
    Fixed SQL injection vulnerability in Bulk Modifications Tool -JO
    Fixed XSS security vulnerability in about section -JO
    Fixed the "use" option to properly apply when using the
        config/contacts API endpoint -SS,JO
    Fixed security issue for config when upgrading system [TPS#15551]
        -JO

 Core Config Manager (CCM) - 3.1.2

    Fixed XSS security vulnerability in CCM lock page functionality -JO


=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================


