{"id":"CVE-2022-46945","details":"Nagvis before 1.9.34 was discovered to contain an arbitrary file read vulnerability via the component /core/classes/NagVisHoverUrl.php.","modified":"2026-04-12T04:18:40.001556Z","published":"2023-05-26T15:15:09.393Z","references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00000.html"},{"type":"FIX","url":"https://github.com/NagVis/nagvis/commit/71aba7f46f79d846e1df037f165d206a2cd1d22a"},{"type":"FIX","url":"https://github.com/NagVis/nagvis/compare/nagvis-1.9.33...nagvis-1.9.34"},{"type":"EVIDENCE","url":"https://www.sonarsource.com/blog/checkmk-rce-chain-3/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/nagvis/nagvis","events":[{"introduced":"0"},{"fixed":"719f7d8454d0d7f31bef9938bd8b2eb2e7107063"},{"fixed":"71aba7f46f79d846e1df037f165d206a2cd1d22a"}],"database_specific":{"source":["CPE_FIELD","REFERENCES"],"cpe":"cpe:2.3:a:nagvis:nagvis:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"fixed":"1.9.34"}]}}],"versions":["nagvis-1.0.0","nagvis-1.1.1","nagvis-1.1.2","nagvis-1.2.0","nagvis-1.2.1","nagvis-1.2.2","nagvis-1.3.0","nagvis-1.4.0","nagvis-1.4.1","nagvis-1.5.0","nagvis-1.5.1","nagvis-1.5.2","nagvis-1.5.3","nagvis-1.5.4","nagvis-1.5b1","nagvis-1.5b2","nagvis-1.5b3","nagvis-1.5b4","nagvis-1.5rc2","nagvis-1.5rc3","nagvis-1.6.0","nagvis-1.6.1","nagvis-1.6.2","nagvis-1.6.3","nagvis-1.6.4","nagvis-1.6b1","nagvis-1.6b2","nagvis-1.6b3","nagvis-1.6rc1","nagvis-1.6rc2","nagvis-1.6rc3","nagvis-1.6rc4","nagvis-1.7.0","nagvis-1.7.1","nagvis-1.7.2","nagvis-1.7.3","nagvis-1.7.4","nagvis-1.7.5","nagvis-1.7.6","nagvis-1.7.8","nagvis-1.7.9","nagvis-1.7b1","nagvis-1.7b2","nagvis-1.7b3","nagvis-1.8.0","nagvis-1.8b1","nagvis-1.8b2","nagvis-1.8b3","nagvis-1.8b4","nagvis-1.8b5","nagvis-1.8b6","nagvis-1.8b7","nagvis-1.8rc1","nagvis-1.8rc2","nagvis-1.8rc3","nagvis-1.9.0","nagvis-1.9.1","nagvis-1.9.10","nagvis-1.9.11","nagvis-1.9.12","nagvis-1.9.13","nagvis-1.9.14","nagvis-1.9.15","nagvis-1.9.16","nagvis-1.9.17","nagvis-1.9.18","nagvis-1.9.19","nagvis-1.9.2","nagvis-1.9.20","nagvis-1.9.21","nagvis-1.9.22","nagvis-1.9.23","nagvis-1.9.24","nagvis-1.9.25","nagvis-1.9.26","nagvis-1.9.27","nagvis-1.9.28","nagvis-1.9.29","nagvis-1.9.3","nagvis-1.9.30","nagvis-1.9.31","nagvis-1.9.32","nagvis-1.9.33","nagvis-1.9.4","nagvis-1.9.5","nagvis-1.9.6","nagvis-1.9.7","nagvis-1.9.8","nagvis-1.9.9","nagvis-1.9a1","nagvis-1.9b1","nagvis-1.9b10","nagvis-1.9b11","nagvis-1.9b12","nagvis-1.9b13","nagvis-1.9b14","nagvis-1.9b15","nagvis-1.9b16","nagvis-1.9b17","nagvis-1.9b18","nagvis-1.9b19","nagvis-1.9b2","nagvis-1.9b4","nagvis-1.9b5","nagvis-1.9b6","nagvis-1.9b7","nagvis-1.9b8","nagvis-1.9b9"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-46945.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}