Nagios Support Forum

Greetings,

We have just been advised by our security team after a vulnerability scan that our Nagios XI server has a jQuery < 1.9.0 XSS Vulnerability.
The file is located here and within a snap that can't be renamed or deleted:
/snap/chromium/3002/tests/data/HTML5test/scripts/jquery/jquery-1.7.2.min.js

After researching I found nothing on the web that mentions this or a way to update or remove the older JQuery file.
It's also located in this directory:
/snap/chromium/3010/tests/data/HTML5test/scripts/jquery/jquery-1.7.2.min.js

It appears as though this has been placed on the server after the last two upgrades maybe? Time stamps are 11/27/2024 and the 3010 folder 12/16/2024 when I did the last upgrade of Nagios XI on version 2024R1.3.2 (latest version of XI).

Please advise us on a way to remediate this or remove this file. Let me know if you have any questions.

Thank you!

Notes on this issue:
The version of chromium that is installed on our Nagios XI system is version 131.0.6778.139
Latest version available on snapcraft.io is 131.0.6778.264 (maybe that version has an update version of JQuery on it)

Can someone confirm that Nagios XI is installing the Snap Cromium package as of November 2024 perhaps?

LJMangha,

I'm not sure this file is directly related to Nagios XI. A couple questions for you:

What distribution/version are you on?
Are you running anything else on this server?

Best Regards,

Cory Norell

As a follow up, I have chromium-131.0.6778.204 installed on my system. I do not have the file you mentioned anywhere on the filesystem.

Hello Cory,

Thanks for the reply!
The version of Nagios XI is 2024R1.3.2 (latest version of XI)
The only thing we use it for is Nagios XI ubuntu server 20.04.6 LTS with PRO support enabled for extended updates.

This is the only server that has the vulnerability for the snap/chromium JQuery file out of our 50 Ubuntu servers, and the only one running Nagios XI.

Hope that helps, let me know if you need additional information.

If Nagios XI has nothing to do with the SNAP/Chromium directory I can try and update it w a snap refresh chromium command, but didn't want to break anything on the Nagios XI side of things. The reason I attributed this package to Nagios XI is that the time stamp on the snap folder is the same time I upgraded Nagios XI.
I do have a snapshot and backups of the server so I can always revert.

I did the refresh for chromium and it's now at version: .264
chromium 131.0.6778.264 from Canonical✓ refreshed

But the JQuery file is still in the directory
see attached pic

Does Nagios XI use the SNAP/Chromium directory?
if not, I'll try and figure out how to remove it - sudo snap remove --purge chromium

Cory,
Thanks for the help or letting me know that Nagios XI doesn't use the SNAP/Chromium package. I did a sudo snap remove --purge chromium, nagios XI seems to be working as normal.

I submitted a bug report to Ubuntu Chromium-browser package on this issue. Thanks for your time.

Hi @LJMangha,

To clarify, XI does use chromium, specifically for printing reporting to pdf.

I believe Cory was saying he didn't see jquery with his chromium.

If you don't print reports to pdf you may not miss chromium. As I look at the paths you posted, there are /test and /HTML5test so perhaps the jquery gets used in those tests.

If it turns out you do want chromium for pdfs and you reinstall chromium and you still see jquery, you should be fine to simply delete the offending file itself, and not chromium entirely.

Aaron

Greetings Aaron,

Thanks for the update on Nagios XI and chromium. Yes, we don't print pdf reports through the Nagios XI dashboard. The problem was that within the chromium snap directory all files are read-only file system and it's not possible to modify any files in that directory, couldn't delete rename or anything. I read where you can mount files within a snap and edit them but they would be the same name once replaced from what I read, which wouldn't do any good when the security scanner scanned the file since it has the same file name. I did uninstall the chromium snap since it had the older vulnerable JQuery file in that directory and the scan came back clean from our security scanner. Thank you again for your explanation and helping me understand how all that works with Nagios XI. Have a great Friday!

Removed:
sudo snap remove --purge chromium