CVE-2024-13995 Nagios XI < 2024R1.1.2 API Keys & Hashed Passwords Authenticated Information Disclosure

🗓️ 30 Oct 2025 21:29:55Reported by VulnCheckType

Nagios XI before 2024R1.1.2 may disclose API keys and password hashes to authenticated users.

Reporter	Title	Published	Views	Family All 11
CNNVD	Nagios XI 安全漏洞	30 Oct 202500:00	–	cnnvd
CVE	CVE-2024-13995	30 Oct 202521:29	–	cve
EUVD	EUVD-2024-55056	31 Oct 202500:30	–	euvd
EUVD	EUVD-2024-55064	4 Nov 202500:32	–	euvd
NVD	CVE-2024-13995	30 Oct 202522:15	–	nvd
OSV	CVE-2024-13995	30 Oct 202522:15	–	osv
OSV	CVE-2024-13998	3 Nov 202522:16	–	osv
Positive Technologies	PT-2025-44498	30 Oct 202500:00	–	ptsecurity
Positive Technologies	PT-2025-44801	3 Nov 202500:00	–	ptsecurity
RedhatCVE	CVE-2024-13995	31 Oct 202522:07	–	redhatcve

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "User Account Management / API Key and Credential Storage"
    ],
    "product": "XI",
    "vendor": "Nagios",
    "versions": [
      {
        "lessThan": "2024R1.1.2",
        "status": "affected",
        "version": "2024R1.1",
        "versionType": "custom"
      },
      {
        "lessThan": "2024R1.1.2",
        "status": "affected",
        "version": "2024R1.1.1",
        "versionType": "custom"
      },
      {
        "lessThan": "2024R1.1.2",
        "status": "unknown",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
vulncheck	www.vulncheck.com/advisories/nagios-xi-api-keys-and-hashed-password-authenticated-information-disclosure
nagios	www.nagios.com/products/security/
nagios	www.nagios.com/changelog/nagios-xi/

17 Nov 2025 18:21Current

CVSS 47.1

EPSS0.02119

CWE-497