Ce mail provient de l'extérieur, restons vigilants

=====================================================================

                            CERT-Renater

                Note d'Information No. 2025/VULN684
_____________________________________________________________________

DATE                : 09/10/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Nagios Log Server versions prior
                                      to 2024R1.3.2.

=====================================================================
https://www.nagios.com/changelog/#log-server-2024R1
_____________________________________________________________________

2024R1.3.2 - 04/09/2025
Security

    Fixed an issue where a non-admin user can shut down Elasticsearch
via the API [GL:NLS#474] – JM
    Fixed an issue where a user can enumerate all the system users
and retrieve their API tokens [GL:NLS#475] – JM
    Fixed a privilege escalation issue where a user can edit their
own email and put in an invalid address [GL:NLS#476] – JM


Fixed

    Fixed an issue where the edit user screen doesn’t always show the
save/cancel buttons [GL: NLS#479] – JM
    Fixed an issue where alerts were causing warnings to be printed
to the jobs log [GL:NLS#447, NLS#446, NLS#444] – JS
    Fixed an issue where background tasks would experience
scheduling drift [GL:NLS#17] – SAW


Updated

    Updated NCPA installation to NCPA 3 for all distros [GL:NLS#431] – JS

    Updated cURL instructions to download scripts from Nagios
Log Server to account for self-signed SSL certificates [GL:NLS#422] – JS


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================