Nagios Log Server versions prior to 2024R1.0.2 contain a local privilege escalation vulnerability that allows an attacker who could execute commands as the Apache web user (or the backend shell user) to escalate to root on the host.
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.