{ "affected": [ { "database_specific": { "unresolved_ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "2024" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "2024-r1" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "2024-r1\\.0\\.1" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "2024-r1\\.0\\.2" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "2024-r1\\.1" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "2024-r1\\.2" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "2024-r1\\.3" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "2024-r1\\.3\\.1" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "2024-r1\\.3\\.2" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "2024-r1\\.3\\.3" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "2024-r1\\.3\\.4" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "2024-r1\\.3\\.5" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "2024-r2" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "2024-r2\\.0\\.1" } ] } ] } } ], "details": "Nagios Log Server versions prior to 2024R2.0.2 contain a vulnerability in the cluster manager component when requesting sensitive credentials from peer nodes over an unencrypted channel even when SSL/TLS is enabled in the product configuration. As a result, an attacker positioned on the network path can intercept credentials in transit. Captured credentials could allow the attacker to authenticate as a cluster node or service account, enabling further unauthorized access, lateral movement, or system compromise.", "id": "CVE-2025-34271", "modified": "2026-03-14T13:51:09.489949207Z", "published": "2025-10-30T22:15:47.673Z", "references": [ { "type": "ADVISORY", "url": "https://www.nagios.com/changelog/#log-server" }, { "type": "ADVISORY", "url": "https://www.nagios.com/products/security/#log-server-2024R2" }, { "type": "ADVISORY", "url": "https://www.vulncheck.com/advisories/nagios-log-server-cluster-manager-credential-requests-sent-over-plaintext" } ], "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }