Candidate: CVE-2021-3325
PublicDate: 2021-01-27 19:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3325
 https://github.com/mikaku/Monitorix/commit/d6816e20da1a98bcdc6372d9c36a093df5238f4a
 https://github.com/mikaku/Monitorix/compare/v3.13.0...v3.13.1
 https://github.com/mikaku/Monitorix/issues/309
Description:
 Monitorix 3.13.0 allows remote attackers to bypass Basic Authentication in
 a default installation (i.e., an installation without a hosts_deny option).
 This issue occurred because a new access-control feature was introduced
 without considering that some exiting installations became unsafe, upon an
 update to 3.13.0, unless the new feature was immediately configured.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]


Patches_monitorix:
upstream_monitorix: needs-triage
precise/esm_monitorix: DNE
trusty_monitorix: ignored (out of standard support)
trusty/esm_monitorix: DNE
xenial_monitorix: DNE
bionic_monitorix: DNE
focal_monitorix: not-affected (3.12.0-1)
groovy_monitorix: not-affected (3.12.0-1)
devel_monitorix: not-affected (3.12.0-2)