Key Vulnerability Information

Vulnerability Name: Nagios XI < 2024R1.1.2 API Keys & Hashed Passwords Authenticated Information Disclosure
Severity: HIGH
Date: October 30, 2025
Affected Versions: XI < 2024R1.1.2
CVE ID: CVE-2024-13995
CWE Type: CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere
CVSS Score: 7.1
CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

References:
- Nagios XI Security Disclosures
- Nagios XI Changelog

Description:
Nagios XI versions prior to 2024R1.1.2 may disclose sensitive user account information (including API keys and hashed passwords) to authenticated users who should not have access to that data. Exposure of API keys or password hashes could lead to account compromise, abuse of API privileges, or offline cracking attempts.