CVE-2020-13977 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2020-13977 Interim 1 25 2025-02-17T01:27:10Z current 2021-05-30T14:40:49Z 2025-02-17T01:27:10Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2020-13977 Nagios 4.4.5 allows an attacker, who already has administrative access to change the "URL for JSON CGIs" configuration setting, to modify the Alert Histogram and Trends code via crafted versions of the archivejson.cgi, objectjson.cgi, and statusjson.cgi files. NOTE: this vulnerability has been mistakenly associated with CVE-2020-1408. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RCXDSKLLDI4CG7PLAOOYGYVNNNQLL5WP/ E-Mail link for openSUSE-SU-2021:0715-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZGYA3HEIHYY2MWEAOFFMZUBPGWKUXYI2/ E-Mail link for openSUSE-SU-2021:0735-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Server 11 SP1 for Teradata SUSE Linux Enterprise Server 11 SP3 for Teradata SUSE Linux Enterprise Server 11 SP4 LTSS SUSE Package Hub 15 SP1 SUSE Package Hub 15 SP2 openSUSE Leap 15.2 openSUSE Tumbleweed nagios nagios-4.4.6-2.5 nagios-4.4.6-bp151.4.6.1 nagios-4.4.6-bp152.2.3.1 nagios-4.4.6-lp152.2.3.1 nagios-contrib-4.4.6-2.5 nagios-contrib-4.4.6-bp151.4.6.1 nagios-contrib-4.4.6-bp152.2.3.1 nagios-contrib-4.4.6-lp152.2.3.1 nagios-devel-4.4.6-2.5 nagios-devel-4.4.6-bp151.4.6.1 nagios-devel-4.4.6-bp152.2.3.1 nagios-devel-4.4.6-lp152.2.3.1 nagios-theme-exfoliation-4.4.6-2.5 nagios-theme-exfoliation-4.4.6-bp151.4.6.1 nagios-theme-exfoliation-4.4.6-bp152.2.3.1 nagios-theme-exfoliation-4.4.6-lp152.2.3.1 nagios-www-4.4.6-2.5 nagios-www-4.4.6-bp151.4.6.1 nagios-www-4.4.6-bp152.2.3.1 nagios-www-4.4.6-lp152.2.3.1 nagios-www-dch-4.4.6-2.5 nagios-www-dch-4.4.6-bp151.4.6.1 nagios-www-dch-4.4.6-bp152.2.3.1 nagios-www-dch-4.4.6-lp152.2.3.1 nagios-4.4.6-bp151.4.6.1 as a component of SUSE Package Hub 15 SP1 nagios-contrib-4.4.6-bp151.4.6.1 as a component of SUSE Package Hub 15 SP1 nagios-devel-4.4.6-bp151.4.6.1 as a component of SUSE Package Hub 15 SP1 nagios-theme-exfoliation-4.4.6-bp151.4.6.1 as a component of SUSE Package Hub 15 SP1 nagios-www-4.4.6-bp151.4.6.1 as a component of SUSE Package Hub 15 SP1 nagios-www-dch-4.4.6-bp151.4.6.1 as a component of SUSE Package Hub 15 SP1 nagios-4.4.6-bp152.2.3.1 as a component of SUSE Package Hub 15 SP2 nagios-contrib-4.4.6-bp152.2.3.1 as a component of SUSE Package Hub 15 SP2 nagios-devel-4.4.6-bp152.2.3.1 as a component of SUSE Package Hub 15 SP2 nagios-theme-exfoliation-4.4.6-bp152.2.3.1 as a component of SUSE Package Hub 15 SP2 nagios-www-4.4.6-bp152.2.3.1 as a component of SUSE Package Hub 15 SP2 nagios-www-dch-4.4.6-bp152.2.3.1 as a component of SUSE Package Hub 15 SP2 nagios-4.4.6-lp152.2.3.1 as a component of openSUSE Leap 15.2 nagios-contrib-4.4.6-lp152.2.3.1 as a component of openSUSE Leap 15.2 nagios-devel-4.4.6-lp152.2.3.1 as a component of openSUSE Leap 15.2 nagios-theme-exfoliation-4.4.6-lp152.2.3.1 as a component of openSUSE Leap 15.2 nagios-www-4.4.6-lp152.2.3.1 as a component of openSUSE Leap 15.2 nagios-www-dch-4.4.6-lp152.2.3.1 as a component of openSUSE Leap 15.2 nagios-4.4.6-2.5 as a component of openSUSE Tumbleweed nagios-contrib-4.4.6-2.5 as a component of openSUSE Tumbleweed nagios-devel-4.4.6-2.5 as a component of openSUSE Tumbleweed nagios-theme-exfoliation-4.4.6-2.5 as a component of openSUSE Tumbleweed nagios-www-4.4.6-2.5 as a component of openSUSE Tumbleweed nagios-www-dch-4.4.6-2.5 as a component of openSUSE Tumbleweed nagios as a component of SUSE Linux Enterprise Server 11 SP1 for Teradata nagios as a component of SUSE Linux Enterprise Server 11 SP3 for Teradata nagios as a component of SUSE Linux Enterprise Server 11 SP4 LTSS Nagios 4.4.5 allows an attacker, who already has administrative access to change the "URL for JSON CGIs" configuration setting, to modify the Alert Histogram and Trends code via crafted versions of the archivejson.cgi, objectjson.cgi, and statusjson.cgi files. NOTE: this vulnerability has been mistakenly associated with CVE-2020-1408. CVE-2020-13977 SUSE Package Hub 15 SP1:nagios-4.4.6-bp151.4.6.1 SUSE Package Hub 15 SP1:nagios-contrib-4.4.6-bp151.4.6.1 SUSE Package Hub 15 SP1:nagios-devel-4.4.6-bp151.4.6.1 SUSE Package Hub 15 SP1:nagios-theme-exfoliation-4.4.6-bp151.4.6.1 SUSE Package Hub 15 SP1:nagios-www-4.4.6-bp151.4.6.1 SUSE Package Hub 15 SP1:nagios-www-dch-4.4.6-bp151.4.6.1 SUSE Package Hub 15 SP2:nagios-4.4.6-bp152.2.3.1 SUSE Package Hub 15 SP2:nagios-contrib-4.4.6-bp152.2.3.1 SUSE Package Hub 15 SP2:nagios-devel-4.4.6-bp152.2.3.1 SUSE Package Hub 15 SP2:nagios-theme-exfoliation-4.4.6-bp152.2.3.1 SUSE Package Hub 15 SP2:nagios-www-4.4.6-bp152.2.3.1 SUSE Package Hub 15 SP2:nagios-www-dch-4.4.6-bp152.2.3.1 openSUSE Leap 15.2:nagios-4.4.6-lp152.2.3.1 openSUSE Leap 15.2:nagios-contrib-4.4.6-lp152.2.3.1 openSUSE Leap 15.2:nagios-devel-4.4.6-lp152.2.3.1 openSUSE Leap 15.2:nagios-theme-exfoliation-4.4.6-lp152.2.3.1 openSUSE Leap 15.2:nagios-www-4.4.6-lp152.2.3.1 openSUSE Leap 15.2:nagios-www-dch-4.4.6-lp152.2.3.1 openSUSE Tumbleweed:nagios-4.4.6-2.5 openSUSE Tumbleweed:nagios-contrib-4.4.6-2.5 openSUSE Tumbleweed:nagios-devel-4.4.6-2.5 openSUSE Tumbleweed:nagios-theme-exfoliation-4.4.6-2.5 openSUSE Tumbleweed:nagios-www-4.4.6-2.5 openSUSE Tumbleweed:nagios-www-dch-4.4.6-2.5 SUSE Linux Enterprise Server 11 SP1 for Teradata:nagios SUSE Linux Enterprise Server 11 SP3 for Teradata:nagios SUSE Linux Enterprise Server 11 SP4 LTSS:nagios moderate 4 AV:N/AC:L/Au:S/C:N/I:P/A:N 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N