CVE-2023-7322
Published: 30 October 2025
Description
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Security Summary
CVE-2023-7322 is an incorrect authorization vulnerability (CWE-863) in Nagios Log Server versions prior to 2024R1. The server authenticates the caller but does not verify that the account actually holds the permission required for the API endpoint being invoked, so any valid account can call endpoints it was never granted access to. In effect, authenticated but non-privileged users can read or modify resources exposed through the API beyond their designated rights.
The vulnerability can be exploited by an authenticated attacker with low privileges over the network, requiring low attack complexity and no user interaction. Successful exploitation grants high confidentiality and integrity impacts, such as unauthorized data access or modification, with no availability disruption. The CVSS v3.1 base score is 8.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).
Advisories from Nagios and VulnCheck recommend upgrading to Nagios Log Server 2024R1, which addresses the authorization flaw, as detailed in the official changelog and the VulnCheck advisory on the incorrect authorization granting full API access. Until the upgrade is applied, treat every account that can authenticate to the Log Server as having full API access when assessing exposure.
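The following is an added illustration of the class of flaw described above; it is not Nagios code and does not reproduce the affected endpoints. The endpoint names, permission names and user records are constructed for the example. The vulnerable handler stops at authentication (the CWE-863 pattern), the hardened handler additionally requires the endpoint's permission and denies unknown endpoints by default, and a small audit routine drives a low-privileged account across every endpoint to show which ones each handler lets through.

```python
"""Authenticated-but-unauthorized API access (CWE-863), vulnerable vs. hardened.

Added example, not Nagios Log Server code. Endpoint and permission names are
hypothetical; the user records below are constructed test fixtures.
"""
from dataclasses import dataclass, field


@dataclass
class User:
    name: str
    authenticated: bool
    permissions: set = field(default_factory=set)


# Hypothetical endpoint -> permission it should require (constructed).
REQUIRED_PERMISSION = {
    "GET /api/status": "api_read",
    "GET /api/logs": "api_read",
    "POST /api/config": "api_admin",
}


def handle_vulnerable(user: User, endpoint: str) -> tuple[int, str]:
    """Flawed handler: checks that the caller is logged in and nothing else.

    Every authenticated account, regardless of its permissions, reaches the
    endpoint body. This is the shape of an incorrect-authorization bug.
    """
    if not user.authenticated:
        return 401, "unauthenticated"
    return 200, f"executed {endpoint} as {user.name}"


def handle_fixed(user: User, endpoint: str) -> tuple[int, str]:
    """Hardened handler: authentication, then an explicit per-endpoint check.

    Unknown endpoints are rejected rather than passed through, so a new
    endpoint that is missing from the table fails closed instead of open.
    """
    if not user.authenticated:
        return 401, "unauthenticated"
    needed = REQUIRED_PERMISSION.get(endpoint)
    if needed is None:
        return 404, "unknown endpoint"
    if needed not in user.permissions:
        return 403, f"forbidden: {endpoint} requires {needed}"
    return 200, f"executed {endpoint} as {user.name}"


def audit(handler, user: User) -> list[str]:
    """Return the endpoints `user` can successfully invoke through `handler`.

    Running this with a deliberately low-privileged account is the check a
    reviewer would make: the list should be empty for an account that holds
    no API permission at all.
    """
    return sorted(ep for ep in REQUIRED_PERMISSION if handler(user, ep)[0] == 200)


# Constructed accounts: a dashboard-only user and an API administrator.
LOW_PRIV = User("analyst", authenticated=True, permissions={"dashboard_view"})
ADMIN = User("admin", authenticated=True, permissions={"api_read", "api_admin"})


if __name__ == "__main__":
    print("vulnerable, low-priv :", audit(handle_vulnerable, LOW_PRIV))
    print("fixed, low-priv      :", audit(handle_fixed, LOW_PRIV))
    print("fixed, admin         :", audit(handle_fixed, ADMIN))
```

The point of the audit routine is that the test fixture is an account holding no API permission at all: with the flawed handler it reaches every endpoint, which is the "full API access" behaviour the advisory describes, while the hardened handler returns 403 for each and only the administrator's permissions unlock the corresponding routes.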
Details
- CWE(s): CWE-863 Incorrect Authorization
Affected Products
- Nagios Log Server, versions prior to 2024R1
MITRE ATT&CK Enterprise Techniques
- T1068 Exploitation for Privilege Escalation
Why these techniques?
Incorrect authorization (CWE-863) lets a low-privileged authenticated user invoke restricted API endpoints and so obtain data access and action execution reserved for higher-privileged accounts; abusing a software flaw to gain rights the account was not granted is exactly what Exploitation for Privilege Escalation (T1068) covers.