Nagios XI 5.10.0 - JQuery Vunerability

This support forum board is for support questions relating to Nagios XI, our flagship commercial network monitoring solution.
Post Reply
op-team
Posts: 39
Joined: Fri Jun 02, 2017 6:19 am

Nagios XI 5.10.0 - JQuery Vunerability

Post by op-team »

Hi,

We are running Nagios XI 5.10.0. Our Nessus reports an jquery vulnerability

URL : https://NVS-NAGIOS-01.vcloud.lu/nagiosx ... 4.1.min.js
Installed version : 3.4.1
Fixed version : 3.5.0

Could you help to correct this?

It seems like the latest version 3.6.0 is used within the GUI but additional old jquery version are still available

[root@nagios-server: ~]# find /usr/local/nagiosxi/html/includes/js/jquery/ -name "jquery-*"
/usr/local/nagiosxi/html/includes/js/jquery/jquery-1.12.4.min.js.orig
/usr/local/nagiosxi/html/includes/js/jquery/css/smoothness/jquery-ui-1.9.0.custom.min.css
/usr/local/nagiosxi/html/includes/js/jquery/css/smoothness/jquery-ui.custom.min.css
/usr/local/nagiosxi/html/includes/js/jquery/jquery-ui-timepicker-addon.js
/usr/local/nagiosxi/html/includes/js/jquery/jquery-migrate-3.0.0.min.js
/usr/local/nagiosxi/html/includes/js/jquery/jquery-migrate-1.4.1.min.js
/usr/local/nagiosxi/html/includes/js/jquery/jquery-ui-1.9.0.custom.min.js
/usr/local/nagiosxi/html/includes/js/jquery/jquery-3.4.1.min.js
/usr/local/nagiosxi/html/includes/js/jquery/jquery-ui-1.12.1.custom.min.js
/usr/local/nagiosxi/html/includes/js/jquery/jquery-migrate-1.2.1.min.js
/usr/local/nagiosxi/html/includes/js/jquery/jquery-3.3.1.min.js
/usr/local/nagiosxi/html/includes/js/jquery/jquery-1.11.2.min.js
/usr/local/nagiosxi/html/includes/js/jquery/jquery-1.12.4.min.js
/usr/local/nagiosxi/html/includes/js/jquery/jquery-3.5.1.min.js
/usr/local/nagiosxi/html/includes/js/jquery/jquery-3.x.compat.js
/usr/local/nagiosxi/html/includes/js/jquery/jquery-3.6.0.min.js


May I run a cleanup? Which versions do i need to keep?

Thanks in advance
op-team
Posts: 39
Joined: Fri Jun 02, 2017 6:19 am

Re: Nagios XI 5.10.0 - JQuery Vunerability

Post by op-team »

Hi guys,

Someone to help me solve this issue? Thanks in advance
kg2857
Posts: 233
Joined: Wed Apr 12, 2023 5:48 pm

Re: Nagios XI 5.10.0 - JQuery Vunerability

Post by kg2857 »

Move all but the newest versions to another location, or back them up and remove them.
nicklesta
Posts: 5
Joined: Wed Jul 12, 2023 8:10 pm

Re: Nagios XI 5.10.0 - JQuery Vunerability

Post by nicklesta »

Move all but the newest versions to another location, or back them up and remove themdrift boss
What do you mean. Please review the file!
kg2857
Posts: 233
Joined: Wed Apr 12, 2023 5:48 pm

Re: Nagios XI 5.10.0 - JQuery Vunerability

Post by kg2857 »

Which file would that be?
Post Reply