CVE-2023-7322

moderate-risk

Published 2025-10-30

Nagios Log Server versions prior to 2024R1 contain an incorrect authorization vulnerability. Users who lacked the required API permission were nevertheless able to invoke API endpoints, resulting in unintended access to data and actions exposed via the API. This incorrect authorization check could allow authenticated but non-privileged users to read or modify resources beyond their intended rights.

Do I need to act?

0.24% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.1/10 High

NETWORK / LOW complexity

Affected Products (1)

Log Server

Affected Vendors

Nagios

References (2)

Release Notes https://www.nagios.com/changelog/nagios-log-server-2024r1/

Third Party Advisory https://www.vulncheck.com/advisories/nagios-log-server-incorrect-authorization-g...

/ 100

moderate-risk

Severity 28/34 · Critical

Exploitability 1/34 · Minimal

Exposure 5/34 · Minimal