Nagios Log Server: API Auth Check Flaw CVE-2023-7322
CVE-2023-7322 Published on October 30, 2025
Nagios Log Server < 2024R1 Incorrect Authorization Granting Full API Access
Nagios Log Server versions prior to 2024R1 contain an incorrect authorization vulnerability. Users who lacked the required API permission were nevertheless able to invoke API endpoints, resulting in unintended access to data and actions exposed via the API. This incorrect authorization check could allow authenticated but non-privileged users to read or modify resources beyond their intended rights.
Weakness Type
What is an AuthZ Vulnerability?
The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
CVE-2023-7322 has been classified as an AuthZ vulnerability or weakness.
Products Associated with CVE-2023-7322
Affected Versions
Nagios Log Server: versions before 2024R1 are affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.