Jquery vulnerability - Nagios LS

Posted: Thu May 06, 2021 5:32 am
by Techmnagioslsuser
Hello Team,
In the vulnerability assessment for our production Nagios Log Server installation, we see a jQuery vulnerability.

"According to the self-reported version in the script, the version of JQuery hosted on the remote web server is greater than or equal to 1.2 and prior to 3.5.0. It is, therefore, affected by multiple cross site scripting vulnerabilities. Upgrade to JQuery version 3.5.0 or later."

Please suggest how we can upgrade jQuery.

Thanks

Re: Jquery vulnerability - Nagios LS

Posted: Thu May 06, 2021 5:26 pm
by ssax
Development hasn't released a version yet with jQuery upgraded; there was a feature request submitted for it already, but it hasn't been implemented yet.

Re: Jquery vulnerability - Nagios LS

Posted: Mon May 17, 2021 11:17 pm
by Techmnagioslsuser
Thanks for the update.

Do we have any tentative timeline for the upgraded version of jQuery?

Thanks

Re: Jquery vulnerability - Nagios LS

Posted: Tue May 18, 2021 1:38 pm
by dchurch
No, we do not have a tentative timeline for getting this patch out. The patch for this has not yet been written.

It'll more-likely-than-not be included in the next release of Nagios Log Server, but there are no guarantees. We tend to prioritize security fixes. Please keep in mind that the decision to implement the fix is at the discretion of our development team, based on the likelihood and severity of the security flaw.

You can view a release history here to give you an idea of when that will happen. Also, when we release a fix, that page will mention a jQuery fix in the release notes.