Nezha Monitor Security CVE — Please Update to 2.0.13 or Above ASAP


A critical security vulnerability has been disclosed in Nezha Monitor Dashboard versions prior to 2.0.13. The issue may allow unauthenticated attackers to access sensitive Dashboard files such as configuration or database files, potentially exposing secrets used for authentication. If you are running a Nezha Dashboard, please update to version 2.0.13 or above immediately. After upgrading, it is also recommended to rotate the jwt_secret_key, review access logs for suspicious requests such as attempts to read config.yaml or sqlite.db, and consider disabling high-risk agent features such as Web SSH, command execution, forced updates, and NAT if you only use Nezha for monitoring.


https://github.com/nezhahq/nezha/security/advisories/GHSA-5c25-7vpj-9mqh
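
One way to do the access-log review recommended above, as an added example that is not part of the original post or the Nezha project's code. It assumes the Dashboard sits behind a reverse proxy writing combined-format access logs; the sample lines, paths and IP addresses are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumption: combined log format written by a reverse proxy in front of the Dashboard.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)
SENSITIVE = ("config.yaml", "sqlite.db")  # file names called out in the post

def normalize(target, rounds=3):
    """Percent-decode a bounded number of times and lower-case, so encoded names still match."""
    for _ in range(rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target.lower()

def find_suspicious(lines):
    """Return one record per request whose target references a sensitive file name."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        matched = [name for name in SENSITIVE if name in normalize(m["target"])]
        if matched:
            status = int(m["status"])
            hits.append({
                "ip": m["ip"], "time": m["ts"], "target": m["target"],
                "file": matched[0], "status": status,
                # A 2xx response with a body means the file was likely served:
                # treat the secrets in it as exposed and rotate them.
                "served": 200 <= status < 300 and m["size"] not in ("-", "0"),
            })
    return hits

# Constructed sample log lines (documentation-range IPs, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2025:10:00:00 +0000] "GET /api/v1/server HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2025:10:00:05 +0000] "GET /config.yaml HTTP/1.1" 200 1843 "-" "curl/8.0"',
    '203.0.113.9 - - [01/Jan/2025:10:00:09 +0000] "GET /sqlite%2Edb HTTP/1.1" 404 0 "-" "curl/8.0"',
]

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        verdict = "SERVED" if hit["served"] else "attempt"
        print(f'{verdict:8} {hit["time"]} {hit["ip"]} {hit["target"]} -> {hit["status"]}')
```

To run it against a real log, pass an open file object to `find_suspicious` instead of `SAMPLE_LOG`. Any hit marked as served is a reason to rotate the jwt_secret_key even if the upgrade is already in place.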


Thanks for bringing this crucial update to our attention, it's essential for everyone's security 🚨💻