{"id":"UBUNTU-CVE-2021-33178","details":"The Manage Backgrounds functionality within NagVis versions prior to 1.9.29 is vulnerable to an authenticated path traversal vulnerability. Exploitation of this results in a malicious actor having the ability to arbitrarily delete files on the local system.","modified":"2026-05-20T16:06:27.789015917Z","published":"2021-10-14T15:15:00Z","upstream":["CVE-2021-33178"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-33178"},{"type":"REPORT","url":"https://www.synopsys.com/blogs/software-security/cyrc-advisory-nagios-xi"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2021-33178"}],"affected":[{"package":{"name":"nagvis","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/nagvis?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1:1.7.10+dfsg1-3","1:1.7.10+dfsg1-3ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_name":"nagvis","binary_version":"1:1.7.10+dfsg1-3ubuntu1"},{"binary_name":"nagvis-demos","binary_version":"1:1.7.10+dfsg1-3ubuntu1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2021/UBUNTU-CVE-2021-33178.json"}},{"package":{"name":"nagvis","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/nagvis?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1:1.7.10+dfsg1-3.2"],"ecosystem_specific":{"binaries":[{"binary_name":"nagvis","binary_version":"1:1.7.10+dfsg1-3.2"},{"binary_name":"nagvis-demos","binary_version":"1:1.7.10+dfsg1-3.2"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2021/UBUNTU-CVE-2021-33178.json"}},{"package":{"name":"nagvis","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/nagvis?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1:1.9.25-2","1:1.9.27-1","1:1.9.28-1","1:1.9.29-1","1:1.9.30-1"],"ecosystem_specific":{"binaries":[{"binary_name":"nagvis","binary_version":"1:1.9.30-1"},{"binary_name":"nagvis-demos","binary_version":"1:1.9.30-1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2021/UBUNTU-CVE-2021-33178.json"}},{"package":{"name":"nagvis","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/nagvis?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1:1.9.36-1","1:1.9.38-1","1:1.9.39-1","1:1.9.40-1"],"ecosystem_specific":{"binaries":[{"binary_name":"nagvis","binary_version":"1:1.9.40-1"},{"binary_name":"nagvis-demos","binary_version":"1:1.9.40-1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2021/UBUNTU-CVE-2021-33178.json"}},{"package":{"name":"nagvis","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/nagvis?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1:1.9.44-1","1:1.9.46-1","1:1.9.47-1"],"ecosystem_specific":{"binaries":[{"binary_name":"nagvis","binary_version":"1:1.9.47-1"},{"binary_name":"nagvis-demos","binary_version":"1:1.9.47-1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2021/UBUNTU-CVE-2021-33178.json"}},{"package":{"name":"nagvis","ecosystem":"Ubuntu:26.04:LTS","purl":"pkg:deb/ubuntu/nagvis?arch=source&distro=resolute"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1:1.9.47-1","1:1.9.48-1"],"ecosystem_specific":{"binaries":[{"binary_name":"nagvis","binary_version":"1:1.9.48-1"},{"binary_name":"nagvis-demos","binary_version":"1:1.9.48-1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2021/UBUNTU-CVE-2021-33178.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]}