Vulnerabilities > CVE-2021-3325

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

fibranet

fedoraproject

critical

NVD

Published: 2021-01-27

Updated: 2023-11-07

Summary

Monitorix 3.13.0 allows remote attackers to bypass Basic Authentication in a default installation (i.e., an installation without a hosts_deny option). This issue occurred because a new access-control feature was introduced without considering that some exiting installations became unsafe, upon an update to 3.13.0, unless the new feature was immediately configured.

Vulnerable Configurations

Part	Description	Count
Application	Fibranet Fibranet Monitorix 3.13.0	1
OS	Fedoraproject Fedoraproject Fedora 32 Fedoraproject Fedora 33	2

References

https://github.com/mikaku/Monitorix/compare/v3.13.0...v3.13.1
https://github.com/mikaku/Monitorix/issues/309
https://github.com/mikaku/Monitorix/commit/d6816e20da1a98bcdc6372d9c36a093df5238f4a
https://www.monitorix.org/news.html?n=20210127
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGG6WK44CYY6GEFRTCUEDANVNSX5NDH7/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/67DDUU56LP76AJ2K7WJ733QPL2FHKKNG/

Vulnerabilities > CVE-2021-3325 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2021-3325"}]}

Summary

Vulnerable Configurations

References

Vulnerabilities > CVE-2021-3325