CVE-2020-6585: 
Nagios vulnerability analysis and mitigation

CVE-2020-6585 is a Cross-Site Request Forgery (CSRF) vulnerability discovered in Nagios Log Server version 2.1.3. The vulnerability was disclosed on March 16, 2020, and affects the web interface of Nagios Log Server, a centralized log management and analysis solution (NVD, Nagios Product).

The vulnerability is classified as a CSRF issue that allows malicious users to perform unauthorized actions by sending specially crafted links to victims. The vulnerability has been assigned a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating that it requires user interaction but can lead to high impacts on confidentiality, integrity, and availability (NVD).

If successfully exploited, the vulnerability allows attackers to perform actions on behalf of authenticated users by tricking them into clicking malicious links. This could potentially lead to unauthorized system access and manipulation of log server configurations (Medium Blog).

The vulnerability was addressed in subsequent versions of Nagios Log Server. Users should upgrade to a version newer than 2.1.3 to protect against this vulnerability. The fix was documented in the Nagios Log Server changelog (Nagios Changes).

The vulnerability was reported by security researcher Mohit Rawat and was part of a set of multiple vulnerabilities discovered in Nagios Log Server 2.1.3, including other security issues such as XSS and incorrect access control (Medium Blog).