CVE-2018-17148

An Insufficient Access Control vulnerability (leading to credential disclosure) in coreconfigsnapshot.php (aka configuration snapshot page) in Nagios XI before 5.5.4 allows remote attackers to gain access to configuration files containing confidential credentials.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 57%
VendorProductVersion
nagiosnagios_xi
𝑥
< 5.5.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://assets.nagios.com/downloads/nagiosxi/CHANGES-5.TXT
https://assets.nagios.com/downloads/nagiosxi/CHANGES-5.TXT