Monitorix 3.13.0 allows remote malicious users to bypass Basic Authentication in a default installation (i.e., an installation without a hosts_deny option). This issue occurred because a new access-control feature was introduced without considering that some exiting installations became unsafe, upon an update to 3.13.0, unless the new feature was immediately configured.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
fibranet monitorix 3.13.0 |
||
fedoraproject fedora 32 |
||
fedoraproject fedora 33 |