Candidate: CVE-2018-18245
PublicDate: 2018-12-17 15:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18245
 https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180026.txt
Description:
 Nagios Core 4.4.2 has XSS via the alert summary reports of plugin results,
 as demonstrated by a SCRIPT element delivered by a modified check_load
 plugin to NRPE.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917138
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N [5.4 MEDIUM]

Patches_nagios3:
upstream_nagios3: released (3.5.1.dfsg-2+deb8u1)
precise/esm_nagios3: DNE
trusty_nagios3: ignored (reached end-of-life)
trusty/esm_nagios3: DNE (trusty was needs-triage)
xenial_nagios3: ignored (end of standard support, was needed)
esm-infra/xenial_nagios3: needed
bionic_nagios3: needed
cosmic_nagios3: DNE
disco_nagios3: DNE
eoan_nagios3: DNE
focal_nagios3: DNE
groovy_nagios3: DNE
hirsute_nagios3: DNE
impish_nagios3: DNE
jammy_nagios3: DNE
devel_nagios3: DNE

Patches_nagios4:
 upstream: https://github.com/NagiosEnterprises/nagioscore/commit/0329033db9a1d0954c304f209ea88824e8f78b8a
upstream_nagios4: released (4.3.4-3)
precise/esm_nagios4: DNE
trusty_nagios4: DNE
trusty/esm_nagios4: DNE
xenial_nagios4: DNE
bionic_nagios4: DNE
cosmic_nagios4: ignored (reached end-of-life)
disco_nagios4: not-affected (4.3.4-3)
eoan_nagios4: not-affected (4.3.4-3)
focal_nagios4: not-affected (4.3.4-3)
groovy_nagios4: not-affected (4.3.4-3)
hirsute_nagios4: not-affected (4.3.4-3)
impish_nagios4: not-affected (4.3.4-3)
jammy_nagios4: not-affected (4.3.4-3)
devel_nagios4: not-affected (4.3.4-3)