{ "affected": [ { "database_specific": { "unresolved_ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "2024" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "2024-r1" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "2024-r1\\.0\\.1" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "2024-r1\\.0\\.2" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "2024-r1\\.1" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "2024-r1\\.2" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "2024-r1\\.3" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "2024-r1\\.3\\.1" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "2024-r1\\.3\\.2" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "2024-r1\\.3\\.3" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "2024-r1\\.3\\.4" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "2024-r1\\.3\\.5" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "2024-r2" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "2024-r2\\.0\\.1" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "2024-r2\\.0\\.2" } ] } ] } } ], "details": "Nagios Log Server versions prior to 2024R2.0.3 contain an incorrect authorization vulnerability that allows non-administrator users to delete global dashboards. The application did not correctly enforce authorization checks for the global dashboard deletion workflow, enabling lower-privileged users to remove dashboards that affect other users or the overall monitoring UI.", "id": "CVE-2025-34273", "modified": "2026-03-15T21:46:11.372253943Z", "published": "2025-10-30T22:15:47.953Z", "references": [ { "type": "ADVISORY", "url": "https://www.nagios.com/changelog/#log-server" }, { "type": "ADVISORY", "url": "https://www.nagios.com/products/security/#log-server-2024R2" }, { "type": "ADVISORY", "url": "https://www.vulncheck.com/advisories/nagios-log-server-non-admin-dashboard-deletion" } ], "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "type": "CVSS_V3" } ] }