Hello, I fear that I discovered a security issue in Nagios 3.4.4 status.cgi:
All htaccess users, even if not listed in any authorized_for_* config option, have full access to service group overview, summary and grid: /nagios/cgi-bin/status.cgi?servicegroup=all&style=overview /nagios/cgi-bin/status.cgi?servicegroup=all&style=summary /nagios/cgi-bin/status.cgi?servicegroup=all&style=grid I hope that this is not intended. Is this issue known? Kind regards, jonas ------------------------------------------------------------------------------ Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET Get 100% visibility into your production application - at no cost. Code-level diagnostics for performance bottlenecks with <2% overhead Download for free and get started troubleshooting in minutes. http://p.sf.net/sfu/appdyn_d2d_ap1 _______________________________________________ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
