=====================================================================
                            CERT-Renater

                  Information Note No. 2024/VULN102
_____________________________________________________________________

DATE                 : 08/03/2024

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Systems running Nagios XI versions prior to
                       2024R1.0.2.

=====================================================================
https://www.nagios.com/changelog/#nagios-xi
_____________________________________________________________________

2024R1.0.2 - 02/21/2024

Fixed issue with column statistics table not existing with offloaded databases and backups [GL:XI#247] – DA
Fixed an issue where users would not be able to upgrade when they had offloaded databases [GL:XI#584] – DA
Fixed an issue where backups would fail due to a full tmp directory [GL:XI#602] – DA
Fixed XSS in Nagios Core command expansion page (Thanks to Joran LEREEC for reporting this) [GL:XI#654] – DA
Fixed a SQL injection vulnerability in favorites component. (Thanks to Jarod Jaslow for reporting this) (CVE-2024-24401) [GL:XI#667] – DA
Fixed a privilege escalation vulnerability from nagios to root (Thanks to Jarod Jaslow for reporting this) (CVE-2024-24402) [GL:XI#668] – DA
Fixed a privilege escalation vulnerability in autodiscover_new.php (Thanks to Wahab Khadir for reporting this) [GL:XI#669] – DA
Fixed an issue where recurring_downtime.php would exit because of its own pid [GL:XI#693] – DA
Deprecated Ubuntu 18 [GL:XI#579] – DA

=========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel      | fax : 01-53-94-20-41          +
+ 75013 Paris           | email:cert@support.renater.fr +
=========================================================