=====================================================================

                                CERT-Renater

                      Note d'Information No. 2023/VULN453

_____________________________________________________________________

DATE                : 06/11/2023

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Nagios XI versions prior to 5.11.3.

=====================================================================
https://www.nagios.com/change-log/
_____________________________________________________________________


5.11.3 - 11/01/2023

     Added the ability to modify homepage settings when a dashboard is set as the homepage – BB
     Improved UX of the Operation Center configure sound modal [GL:XI#370] – SG
     Fixed an issue where phantomjs was not working properly on an offline upgrade – CB
     Fixed an issue with unhelpful error messages in email settings [GL:XI#363] – AC
     Fixed an issue in Executive Summary where the report would be named incorrectly for [Host Only] and [All Services] reports [GL:XI#340] – SAW
     Fixed an issue in State History where the report would show service states when [Host Only] was selected [GL:XI#340] – SAW
     Fixed typo in Performance Settings – SAW
     Fixed an issue where Homepage Customization would indicate that it was disabled when it was enabled [GL:XI#376] – BB
     Fixed an issue where Homepage Customization cog would not show in the dashboard view [GL:XI#376] – BB
     Fixed an issue that caused “Send Test Email” button to break if “From Address” was invalid [GL:XI#367] – BB
     Fixed an issue that caused performance graphs to display an incorrect “Max” value [GL:XI#336] – BB
     Fixed an issue where host and service statuses would be partially truncated on Ubuntu [GL:XI#259] – BB
     Fixed an issue where the Announcement Banners table looked broken when there were no banners configured [GL:XI#358] – SG
     Fixed an issue that caused errors to show when using a dashboard as the home page – BB
     Fixed an issue where Deploy Agent would fail when deploying to an Ubuntu minimal install [GL:XI#177] – BB
     Fixed an issue that was causing browser console errors on the Email page – BB
     Fixed an issue where the Host status detail page was showing OK when a service was Pending [GL:XI#352] – BB
     Fixed an issue where adding/editing a command in the CCM would have a broken page – BB
     Fixed an issue where CCM forms could show errors when editing commands or services – BB
     Fixed an issue where Bulk Modifications -> Add Parent Host would break on PHP 8 [GL:XI#375] – BB
     Fixed missing dependency (php-pecl-ssh2) in Scheduled Backups [GL:XI#290] – BB
     Fixed an XSS in the custom logo component (Thanks Astrid Tedenbrant and Outpost24 for reporting this) [GL:XI#412] – BB
     Fixed an XSS vulnerability in the Graph Explorer component (Thanks Aleksey Solovev from Positive Technologies for reporting this) [GL:XI#384] – SG
     Fixed an XSS vulnerability in bandwidthreport component (Thanks Aleksey Solovev from Positive Technologies for reporting this) [GL:XI#385,#463] – SG
     Fixed an XSS vulnerability in Bulk Modifications component (Thanks Aleksey Solovev from Positive Technologies for reporting this) [GL:XI#386] – SG
     Fixed a CSRF and XSS vulnerability in the custom-includes component (Thanks Aleksey Solovev from Positive Technologies for reporting this) [GL:XI#387] – BB
     Fixed a CSRF and XSS vulnerability in the hypermap replay component (Thanks Aleksey Solovev from Positive Technologies for reporting this) [GL:XI#388] – BB
     Fixed an XSS vulnerability in the CCM (Thanks Aleksey Solovev from Positive Technologies for reporting this) [GL:XI#389] – BB
     Fixed several SQL injection vulnerabilities in the Bulk Modifications Tool (Thanks Aleksey Solovev from Positive Technologies for reporting this) [GL:XI#390] – SG
     Fixed a shell injection vulnerability in the Manage MIBs page (Thanks Aleksey Solovev from Positive Technologies for reporting this) [GL:XI#392] – SG
     Fixed missing authorization controls in Unconfigured Objects (Thanks Oliver Brooks and Colin Brum from NCC Group for reporting this) [GL:XI#419] – BB
     Fixed an XSS vulnerability in Manage Users (Thanks Oliver Brooks and Colin Brum from NCC Group for reporting this) [GL:XI#429] – BB
     Fixed a PHP code injection vulnerability in the graph template editor (Thanks Oliver Brooks and Colin Brum from NCC Group for reporting this) [GL:XI#430] – BB
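The note names every Nagios XI release before 5.11.3 as affected. The following Python is an added example, not code from CERT-Renater or Nagios: it compares an inventory of installed versions against that threshold and extracts the vulnerability-fixing entries, with their GL:XI tracker ids, from a constructed excerpt of the changelog above. The inventory host names, the version-string forms accepted and the keyword list used to classify entries are assumptions.

```python
"""Added example (not from CERT-Renater or Nagios): flag Nagios XI installs
below the fixed release named in the note and summarise the security fixes
listed in the 5.11.3 changelog."""
import re
from typing import Dict, List, Tuple

FIXED_VERSION = "5.11.3"  # first release carrying the fixes listed in the note

# Constructed excerpt of the 5.11.3 changelog reproduced in the note
CHANGELOG_5_11_3 = """\
Fixed typo in Performance Settings – SAW
Fixed an XSS in the custom logo component (Thanks Astrid Tedenbrant and Outpost24 for reporting this) [GL:XI#412] – BB
Fixed several SQL injection vulnerabilities in the Bulk Modifications Tool (Thanks Aleksey Solovev from Positive Technologies for reporting this) [GL:XI#390] – SG
Fixed a shell injection vulnerability in the Manage MIBs page (Thanks Aleksey Solovev from Positive Technologies for reporting this) [GL:XI#392] – SG
Fixed missing authorization controls in Unconfigured Objects (Thanks Oliver Brooks and Colin Brum from NCC Group for reporting this) [GL:XI#419] – BB
Fixed a PHP code injection vulnerability in the graph template editor (Thanks Oliver Brooks and Colin Brum from NCC Group for reporting this) [GL:XI#430] – BB
Fixed a CSRF and XSS vulnerability in the custom-includes component (Thanks Aleksey Solovev from Positive Technologies for reporting this) [GL:XI#387] – BB
"""

# Assumed keyword list: pattern (matched case-insensitively) -> vulnerability class
VULN_CLASSES = [
    (r"\bxss\b", "XSS"),
    (r"\bcsrf\b", "CSRF"),
    (r"sql injection", "SQL injection"),
    (r"shell injection", "shell injection"),
    (r"code injection", "code injection"),
    (r"missing authorization", "missing authorization"),
]


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '5.11.3' (also 'v5.11.3' or '5.11.3-1') into a comparable tuple.
    A non-numeric suffix is ignored; fewer than three components pad with 0."""
    m = re.match(r"v?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * (3 - len(parts))


def is_affected(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed release predates the fixed one."""
    return parse_version(installed) < parse_version(fixed)


def hosts_needing_upgrade(inventory: Dict[str, str]) -> List[str]:
    """Host names (sorted) whose Nagios XI version is below FIXED_VERSION."""
    return sorted(h for h, v in inventory.items() if is_affected(v))


def security_fixes(changelog: str) -> List[Dict[str, object]]:
    """Changelog entries that close a vulnerability, with class(es) and GL:XI ids."""
    found = []
    for line in changelog.splitlines():
        classes = [name for pat, name in VULN_CLASSES if re.search(pat, line, re.I)]
        if not classes:
            continue  # functional fix, not a security fix
        ids = re.findall(r"#(\d+)", line)
        entry = line.split(" (Thanks")[0].strip()  # drop the credit and trailer
        found.append({"entry": entry, "classes": classes, "ids": ids})
    return found


if __name__ == "__main__":
    # Constructed inventory: host name -> installed Nagios XI version
    inventory = {"mon1": "5.11.3", "mon2": "5.9.1", "mon3": "5.11.2", "mon4": "v5.11.3-1"}
    print("Needs upgrade to 5.11.3:", hosts_needing_upgrade(inventory))
    for fix in security_fixes(CHANGELOG_5_11_3):
        print(", ".join(fix["classes"]), "| GL:XI", ",".join(fix["ids"]), "|", fix["entry"])
```

The version comparison is numeric per component rather than a string comparison, so "5.9.1" correctly sorts below "5.11.3"; the changelog parser keys on the wording Nagios used in this release and would need its keyword list extended for other release notes.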




=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================
