Vulnerabilites related to Icinga - icingaweb2
cve-2022-24714
Vulnerability from cvelistv5
Published
2022-03-08 19:55
Modified
2024-08-03 04:20
Severity ?
EPSS score ?
Summary
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Installations of Icinga 2 with the IDO writer enabled are affected. If you use service custom variables in role restrictions, and you regularly decommission service objects, users with said roles may still have access to a collection of content. Note that this only applies if a role has implicitly permitted access to hosts, due to permitted access to at least one of their services. If access to a host is permitted by other means, no sensible information has been disclosed to unauthorized users. This issue has been resolved in versions 2.8.6, 2.9.6 and 2.10 of Icinga Web 2.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/Icinga/icingaweb2/security/advisories/GHSA-qcmg-vr56-x9wf | x_refsource_CONFIRM | |
| https://github.com/Icinga/icingaweb2/commit/6e989d05a1568a6733a3d912001251acc51d9293 | x_refsource_MISC | |
| https://security.gentoo.org/glsa/202208-05 | vendor-advisory, x_refsource_GENTOO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Icinga | icingaweb2 |
Version: < 2.8.6 Version: >= 2.9.0, < 2.9.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:20:49.162Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Icinga/icingaweb2/security/advisories/GHSA-qcmg-vr56-x9wf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Icinga/icingaweb2/commit/6e989d05a1568a6733a3d912001251acc51d9293"
},
{
"name": "GLSA-202208-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-05"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "icingaweb2",
"vendor": "Icinga",
"versions": [
{
"status": "affected",
"version": "\u003c 2.8.6"
},
{
"status": "affected",
"version": "\u003e= 2.9.0, \u003c 2.9.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Installations of Icinga 2 with the IDO writer enabled are affected. If you use service custom variables in role restrictions, and you regularly decommission service objects, users with said roles may still have access to a collection of content. Note that this only applies if a role has implicitly permitted access to hosts, due to permitted access to at least one of their services. If access to a host is permitted by other means, no sensible information has been disclosed to unauthorized users. This issue has been resolved in versions 2.8.6, 2.9.6 and 2.10 of Icinga Web 2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-04T15:13:00",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Icinga/icingaweb2/security/advisories/GHSA-qcmg-vr56-x9wf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Icinga/icingaweb2/commit/6e989d05a1568a6733a3d912001251acc51d9293"
},
{
"name": "GLSA-202208-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-05"
}
],
"source": {
"advisory": "GHSA-qcmg-vr56-x9wf",
"discovery": "UNKNOWN"
},
"title": "Disclosure of hosts and related data, linked to decommissioned services in Icinga Web 2",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-24714",
"STATE": "PUBLIC",
"TITLE": "Disclosure of hosts and related data, linked to decommissioned services in Icinga Web 2"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "icingaweb2",
"version": {
"version_data": [
{
"version_value": "\u003c 2.8.6"
},
{
"version_value": "\u003e= 2.9.0, \u003c 2.9.6"
}
]
}
}
]
},
"vendor_name": "Icinga"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Installations of Icinga 2 with the IDO writer enabled are affected. If you use service custom variables in role restrictions, and you regularly decommission service objects, users with said roles may still have access to a collection of content. Note that this only applies if a role has implicitly permitted access to hosts, due to permitted access to at least one of their services. If access to a host is permitted by other means, no sensible information has been disclosed to unauthorized users. This issue has been resolved in versions 2.8.6, 2.9.6 and 2.10 of Icinga Web 2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863: Incorrect Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Icinga/icingaweb2/security/advisories/GHSA-qcmg-vr56-x9wf",
"refsource": "CONFIRM",
"url": "https://github.com/Icinga/icingaweb2/security/advisories/GHSA-qcmg-vr56-x9wf"
},
{
"name": "https://github.com/Icinga/icingaweb2/commit/6e989d05a1568a6733a3d912001251acc51d9293",
"refsource": "MISC",
"url": "https://github.com/Icinga/icingaweb2/commit/6e989d05a1568a6733a3d912001251acc51d9293"
},
{
"name": "GLSA-202208-05",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-05"
}
]
},
"source": {
"advisory": "GHSA-qcmg-vr56-x9wf",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-24714",
"datePublished": "2022-03-08T19:55:09",
"dateReserved": "2022-02-10T00:00:00",
"dateUpdated": "2024-08-03T04:20:49.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-32747
Vulnerability from cvelistv5
Published
2021-07-12 22:50
Modified
2024-08-03 23:33
Severity ?
EPSS score ?
Summary
Icinga Web 2 is an open source monitoring web interface, framework, and command-line interface. A vulnerability in which custom variables are exposed to unauthorized users exists between versions 2.0.0 and 2.8.2. Custom variables are user-defined keys and values on configuration objects in Icinga 2. These are commonly used to reference secrets in other configurations such as check commands to be able to authenticate with a service being checked. Icinga Web 2 displays these custom variables to logged in users with access to said hosts or services. In order to protect the secrets from being visible to anyone, it's possible to setup protection rules and blacklists in a user's role. Protection rules result in `***` being shown instead of the original value, the key will remain. Backlists will hide a custom variable entirely from the user. Besides using the UI, custom variables can also be accessed differently by using an undocumented URL parameter. By adding a parameter to the affected routes, Icinga Web 2 will show these columns additionally in the respective list. This parameter is also respected when exporting to JSON or CSV. Protection rules and blacklists however have no effect in this case. Custom variables are shown as-is in the result. The issue has been fixed in the 2.9.0, 2.8.3, and 2.7.5 releases. As a workaround, one may set up a restriction to hide hosts and services with the custom variable in question.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/Icinga/icingaweb2/releases/tag/v2.7.5 | x_refsource_MISC | |
| https://github.com/Icinga/icingaweb2/releases/tag/v2.8.3 | x_refsource_MISC | |
| https://github.com/Icinga/icingaweb2/releases/tag/v2.9.0 | x_refsource_MISC | |
| https://github.com/Icinga/icingaweb2/security/advisories/GHSA-2xv9-886q-p7xx | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Icinga | icingaweb2 |
Version: >= 2.0.0, <= 2.8.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:33:55.787Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Icinga/icingaweb2/releases/tag/v2.7.5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Icinga/icingaweb2/releases/tag/v2.8.3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Icinga/icingaweb2/releases/tag/v2.9.0"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Icinga/icingaweb2/security/advisories/GHSA-2xv9-886q-p7xx"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "icingaweb2",
"vendor": "Icinga",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c= 2.8.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Icinga Web 2 is an open source monitoring web interface, framework, and command-line interface. A vulnerability in which custom variables are exposed to unauthorized users exists between versions 2.0.0 and 2.8.2. Custom variables are user-defined keys and values on configuration objects in Icinga 2. These are commonly used to reference secrets in other configurations such as check commands to be able to authenticate with a service being checked. Icinga Web 2 displays these custom variables to logged in users with access to said hosts or services. In order to protect the secrets from being visible to anyone, it\u0027s possible to setup protection rules and blacklists in a user\u0027s role. Protection rules result in `***` being shown instead of the original value, the key will remain. Backlists will hide a custom variable entirely from the user. Besides using the UI, custom variables can also be accessed differently by using an undocumented URL parameter. By adding a parameter to the affected routes, Icinga Web 2 will show these columns additionally in the respective list. This parameter is also respected when exporting to JSON or CSV. Protection rules and blacklists however have no effect in this case. Custom variables are shown as-is in the result. The issue has been fixed in the 2.9.0, 2.8.3, and 2.7.5 releases. As a workaround, one may set up a restriction to hide hosts and services with the custom variable in question."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-12T22:50:11",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Icinga/icingaweb2/releases/tag/v2.7.5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Icinga/icingaweb2/releases/tag/v2.8.3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Icinga/icingaweb2/releases/tag/v2.9.0"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Icinga/icingaweb2/security/advisories/GHSA-2xv9-886q-p7xx"
}
],
"source": {
"advisory": "GHSA-2xv9-886q-p7xx",
"discovery": "UNKNOWN"
},
"title": "Custom variable protection and blacklists can be circumvented",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32747",
"STATE": "PUBLIC",
"TITLE": "Custom variable protection and blacklists can be circumvented"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "icingaweb2",
"version": {
"version_data": [
{
"version_value": "\u003e= 2.0.0, \u003c= 2.8.2"
}
]
}
}
]
},
"vendor_name": "Icinga"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Icinga Web 2 is an open source monitoring web interface, framework, and command-line interface. A vulnerability in which custom variables are exposed to unauthorized users exists between versions 2.0.0 and 2.8.2. Custom variables are user-defined keys and values on configuration objects in Icinga 2. These are commonly used to reference secrets in other configurations such as check commands to be able to authenticate with a service being checked. Icinga Web 2 displays these custom variables to logged in users with access to said hosts or services. In order to protect the secrets from being visible to anyone, it\u0027s possible to setup protection rules and blacklists in a user\u0027s role. Protection rules result in `***` being shown instead of the original value, the key will remain. Backlists will hide a custom variable entirely from the user. Besides using the UI, custom variables can also be accessed differently by using an undocumented URL parameter. By adding a parameter to the affected routes, Icinga Web 2 will show these columns additionally in the respective list. This parameter is also respected when exporting to JSON or CSV. Protection rules and blacklists however have no effect in this case. Custom variables are shown as-is in the result. The issue has been fixed in the 2.9.0, 2.8.3, and 2.7.5 releases. As a workaround, one may set up a restriction to hide hosts and services with the custom variable in question."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Icinga/icingaweb2/releases/tag/v2.7.5",
"refsource": "MISC",
"url": "https://github.com/Icinga/icingaweb2/releases/tag/v2.7.5"
},
{
"name": "https://github.com/Icinga/icingaweb2/releases/tag/v2.8.3",
"refsource": "MISC",
"url": "https://github.com/Icinga/icingaweb2/releases/tag/v2.8.3"
},
{
"name": "https://github.com/Icinga/icingaweb2/releases/tag/v2.9.0",
"refsource": "MISC",
"url": "https://github.com/Icinga/icingaweb2/releases/tag/v2.9.0"
},
{
"name": "https://github.com/Icinga/icingaweb2/security/advisories/GHSA-2xv9-886q-p7xx",
"refsource": "CONFIRM",
"url": "https://github.com/Icinga/icingaweb2/security/advisories/GHSA-2xv9-886q-p7xx"
}
]
},
"source": {
"advisory": "GHSA-2xv9-886q-p7xx",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32747",
"datePublished": "2021-07-12T22:50:11",
"dateReserved": "2021-05-12T00:00:00",
"dateUpdated": "2024-08-03T23:33:55.787Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-24716
Vulnerability from cvelistv5
Published
2022-03-08 00:00
Modified
2024-08-03 04:20
Severity ?
EPSS score ?
Summary
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unauthenticated users can leak the contents of files of the local system accessible to the web-server user, including `icingaweb2` configuration files with database credentials. This issue has been resolved in versions 2.9.6 and 2.10 of Icinga Web 2. Database credentials should be rotated.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Icinga | icingaweb2 |
Version: >= 2.9.0, < 2.9.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:20:49.887Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Icinga/icingaweb2/security/advisories/GHSA-5p3f-rh28-8frw"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Icinga/icingaweb2/commit/9931ed799650f5b8d5e1dc58ea3415a4cdc5773d"
},
{
"name": "GLSA-202208-05",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-05"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/171774/Icinga-Web-2.10-Arbitrary-File-Disclosure.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "icingaweb2",
"vendor": "Icinga",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.9.0, \u003c 2.9.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unauthenticated users can leak the contents of files of the local system accessible to the web-server user, including `icingaweb2` configuration files with database credentials. This issue has been resolved in versions 2.9.6 and 2.10 of Icinga Web 2. Database credentials should be rotated."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-10T00:00:00",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://github.com/Icinga/icingaweb2/security/advisories/GHSA-5p3f-rh28-8frw"
},
{
"url": "https://github.com/Icinga/icingaweb2/commit/9931ed799650f5b8d5e1dc58ea3415a4cdc5773d"
},
{
"name": "GLSA-202208-05",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-05"
},
{
"url": "http://packetstormsecurity.com/files/171774/Icinga-Web-2.10-Arbitrary-File-Disclosure.html"
}
],
"source": {
"advisory": "GHSA-5p3f-rh28-8frw",
"discovery": "UNKNOWN"
},
"title": "Path traversal in Icinga Web 2"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-24716",
"datePublished": "2022-03-08T00:00:00",
"dateReserved": "2022-02-10T00:00:00",
"dateUpdated": "2024-08-03T04:20:49.887Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-32746
Vulnerability from cvelistv5
Published
2021-07-12 22:25
Modified
2024-08-03 23:33
Severity ?
EPSS score ?
Summary
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Between versions 2.3.0 and 2.8.2, the `doc` module of Icinga Web 2 allows to view documentation directly in the UI. It must be enabled manually by an administrator and users need explicit access permission to use it. Then, by visiting a certain route, it is possible to gain access to arbitrary files readable by the web-server user. The issue has been fixed in the 2.9.0, 2.8.3, and 2.7.5 releases. As a workaround, an administrator may disable the `doc` module or revoke permission to use it from all users.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/Icinga/icingaweb2/security/advisories/GHSA-cmgc-h4cx-3v43 | x_refsource_CONFIRM | |
| https://github.com/Icinga/icingaweb2/releases/tag/v2.7.5 | x_refsource_MISC | |
| https://github.com/Icinga/icingaweb2/releases/tag/v2.8.3 | x_refsource_MISC | |
| https://github.com/Icinga/icingaweb2/releases/tag/v2.9.0 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Icinga | icingaweb2 |
Version: >= 2.3.0, <= 2.8.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:33:54.900Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Icinga/icingaweb2/security/advisories/GHSA-cmgc-h4cx-3v43"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Icinga/icingaweb2/releases/tag/v2.7.5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Icinga/icingaweb2/releases/tag/v2.8.3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Icinga/icingaweb2/releases/tag/v2.9.0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "icingaweb2",
"vendor": "Icinga",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.3.0, \u003c= 2.8.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Between versions 2.3.0 and 2.8.2, the `doc` module of Icinga Web 2 allows to view documentation directly in the UI. It must be enabled manually by an administrator and users need explicit access permission to use it. Then, by visiting a certain route, it is possible to gain access to arbitrary files readable by the web-server user. The issue has been fixed in the 2.9.0, 2.8.3, and 2.7.5 releases. As a workaround, an administrator may disable the `doc` module or revoke permission to use it from all users."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-12T22:25:11",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Icinga/icingaweb2/security/advisories/GHSA-cmgc-h4cx-3v43"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Icinga/icingaweb2/releases/tag/v2.7.5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Icinga/icingaweb2/releases/tag/v2.8.3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Icinga/icingaweb2/releases/tag/v2.9.0"
}
],
"source": {
"advisory": "GHSA-cmgc-h4cx-3v43",
"discovery": "UNKNOWN"
},
"title": "Possible path traversal by use of the `doc` module",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32746",
"STATE": "PUBLIC",
"TITLE": "Possible path traversal by use of the `doc` module"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "icingaweb2",
"version": {
"version_data": [
{
"version_value": "\u003e= 2.3.0, \u003c= 2.8.2"
}
]
}
}
]
},
"vendor_name": "Icinga"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Between versions 2.3.0 and 2.8.2, the `doc` module of Icinga Web 2 allows to view documentation directly in the UI. It must be enabled manually by an administrator and users need explicit access permission to use it. Then, by visiting a certain route, it is possible to gain access to arbitrary files readable by the web-server user. The issue has been fixed in the 2.9.0, 2.8.3, and 2.7.5 releases. As a workaround, an administrator may disable the `doc` module or revoke permission to use it from all users."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Icinga/icingaweb2/security/advisories/GHSA-cmgc-h4cx-3v43",
"refsource": "CONFIRM",
"url": "https://github.com/Icinga/icingaweb2/security/advisories/GHSA-cmgc-h4cx-3v43"
},
{
"name": "https://github.com/Icinga/icingaweb2/releases/tag/v2.7.5",
"refsource": "MISC",
"url": "https://github.com/Icinga/icingaweb2/releases/tag/v2.7.5"
},
{
"name": "https://github.com/Icinga/icingaweb2/releases/tag/v2.8.3",
"refsource": "MISC",
"url": "https://github.com/Icinga/icingaweb2/releases/tag/v2.8.3"
},
{
"name": "https://github.com/Icinga/icingaweb2/releases/tag/v2.9.0",
"refsource": "MISC",
"url": "https://github.com/Icinga/icingaweb2/releases/tag/v2.9.0"
}
]
},
"source": {
"advisory": "GHSA-cmgc-h4cx-3v43",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32746",
"datePublished": "2021-07-12T22:25:11",
"dateReserved": "2021-05-12T00:00:00",
"dateUpdated": "2024-08-03T23:33:54.900Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-24715
Vulnerability from cvelistv5
Published
2022-03-08 00:00
Modified
2024-08-03 04:20
Severity ?
EPSS score ?
Summary
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Authenticated users, with access to the configuration, can create SSH resource files in unintended directories, leading to the execution of arbitrary code. This issue has been resolved in versions 2.8.6, 2.9.6 and 2.10 of Icinga Web 2. Users unable to upgrade should limit access to the Icinga Web 2 configuration.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Icinga | icingaweb2 |
Version: < 2.8.6 Version: >= 2.9.0, < 2.9.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:20:50.162Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Icinga/icingaweb2/security/advisories/GHSA-v9mv-h52f-7g63"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Icinga/icingaweb2/commit/a06d915467ca943a4b406eb9587764b8ec34cafb"
},
{
"name": "GLSA-202208-05",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-05"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/173516/Icinga-Web-2.10-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "icingaweb2",
"vendor": "Icinga",
"versions": [
{
"status": "affected",
"version": "\u003c 2.8.6"
},
{
"status": "affected",
"version": "\u003e= 2.9.0, \u003c 2.9.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Authenticated users, with access to the configuration, can create SSH resource files in unintended directories, leading to the execution of arbitrary code. This issue has been resolved in versions 2.8.6, 2.9.6 and 2.10 of Icinga Web 2. Users unable to upgrade should limit access to the Icinga Web 2 configuration."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-17T00:00:00",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://github.com/Icinga/icingaweb2/security/advisories/GHSA-v9mv-h52f-7g63"
},
{
"url": "https://github.com/Icinga/icingaweb2/commit/a06d915467ca943a4b406eb9587764b8ec34cafb"
},
{
"name": "GLSA-202208-05",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-05"
},
{
"url": "http://packetstormsecurity.com/files/173516/Icinga-Web-2.10-Remote-Code-Execution.html"
}
],
"source": {
"advisory": "GHSA-v9mv-h52f-7g63",
"discovery": "UNKNOWN"
},
"title": "Arbitrary code execution for authenticated users in Icinga Web 2"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-24715",
"datePublished": "2022-03-08T00:00:00",
"dateReserved": "2022-02-10T00:00:00",
"dateUpdated": "2024-08-03T04:20:50.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}