{"id":"MGASA-2021-0209","summary":"Updated nagios packages fix a security vulnerability","details":"Nagios 4.4.5 allows an attacker, who already has administrative access to\nchange the \"URL for JSON CGIs\" configuration setting, to modify the Alert\nHistogram and Trends code via crafted versions of the archivejson.cgi,\nobjectjson.cgi, and statusjson.cgi files (CVE-2020-13977).\n","modified":"2026-02-04T02:32:21.867334Z","published":"2021-05-12T09:56:40Z","related":["CVE-2020-13977"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2021-0209.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=28557"},{"type":"REPORT","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JUEIABR4Y6L5J5MZDFWU46ZWXMJO64U3/"}],"affected":[{"package":{"name":"nagios","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/nagios?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.4.3-2.1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0209.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}