National Vulnerability Database from DHS/US-CERT
Incorrect file permissions in Nagios XI 5.7.5 and earlier and Nagios Fusion 4.1.8 and earlier allow privilege escalation to the root user. Low-privileged users can modify files contained in scripts executed by root (also known as source files).
Incorrect SSL certificate verification in Nagios Fusion 4.1.8 and earlier versions allows to upgrade privileges or execute code as root via vectors related to downloading untrusted update packages in upgrade_to_latest.sh.
Command injection in Nagios Fusion 4.1.8 and earlier versions allows escalation of privileges to nagios.
Incorrect file permissions in Nagios Fusion 4.1.8 and earlier versions allow the privilege escalation to be rooted by modifying the script. Low-privileged users can modify files that can be executed by sudo.
To create a temporary directory with insecure permissions in Nagios XI 5.7.5 and earlier versions, you can create a symbolic link for privilege escalation, and the symbolic link is not handled properly in getprofile.sh.