Title: NagVis: Updated to 1.9.42 (fix security issues)
Class: security
Compatible: compat
Component: packages
Date: 1720609589
Edition: cre
Level: 1
Version: 2.1.0p46
NagVis has been updated to version 1.9.42.
This update fixes the following security issues:
- Fix various XSS issues (CVSS score: 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
- Fix potential RCE
- Fix insecure password hashing algorithm for dedicated NagVis users (CVSS score 5.1
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
- Fix leak of installation path in error messages
- Fix Make cookie hash comparison timing safe