CVE-2023-7322 HIGH

CVE-2023-7322: Nagios Log Server < 2024R1 Incorrect Authorization Granting Full API Access

Vendor Nagios

Product Log Server

Weakness CWE-863 · Incorrect authorization

Published October 30, 2025

Last update November 17, 2025

View on NVD All CVEs

CVSS base score

8.7/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Nagios Log Server versions prior to 2024R1 contain an incorrect authorization vulnerability. Users who lacked the required API permission were nevertheless able to invoke API endpoints, resulting in unintended access to data and actions exposed via the API. This incorrect authorization check could allow authenticated but non-privileged users to read or modify resources beyond their intended rights.

Key dates

02Disclosure timeline

October 30, 2025 CVE published

November 17, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-7322 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/863.html

Related vulnerabilities

CVE-2023-7322: Nagios Log Server < 2024R1 Incorrect Authorization Granting Full API Access

01Description

02Disclosure timeline

03References

04Related CVE