CVE-2020-28910
First published: Mon May 24 2021(Updated: )
Creation of a Temporary Directory with Insecure Permissions in Nagios XI 5.7.5 and earlier allows for Privilege Escalation via creation of symlinks, which are mishandled in getprofile.sh.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nagios Nagios XI | <=5.7.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this security issue?
The vulnerability ID for this security issue is CVE-2020-28910.
What is the severity level of CVE-2020-28910?
The severity level of CVE-2020-28910 is critical.
How does CVE-2020-28910 affect Nagios XI?
CVE-2020-28910 affects Nagios XI versions 5.7.5 and earlier.
What is the risk associated with CVE-2020-28910?
CVE-2020-28910 poses a high risk of privilege escalation through the creation of insecurely permissioned temporary directories and mishandling of symlinks in getprofile.sh.
Are there any available fixes for CVE-2020-28910?
Yes, updates and patches are available from the Nagios website to fix CVE-2020-28910.
- collector/nvd-index
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/nagios
- canonical/nagios nagios xi
- version/nagios nagios xi/5.7.5