N-O-X

**Name of the Vulnerable Software and Affected Versions** Icinga versions 2.5.0 through 2.13.0 **Description** Icinga is a monitoring system that checks the availability of network resources, notifies users of outages, and generates performance data for reporting. The issue arises in the ElasticsearchWriter, GelfWriter, InfluxdbWriter, and Influxdb2Writer components, which do not verify the server's certificate despite a certificate authority being specified. This affects Icinga 2 instances that connect to time series databases (TSDBs) using TLS over a spoofable infrastructure. **Recommendations** For Icinga versions 2.5.0 through 2.13.0, upgrade to version 2.13.1, 2.12.6, or 2.11.11 to patch the issue. Change the credentials (if any) used by the TSDB writer feature to authenticate against the TSDB. Note that there are no workarounds aside from upgrading.

**Name of the Vulnerable Software and Affected Versions** Icinga 2 versions 2.8.0 through 2.11.7 Icinga 2 version 2.12.2 **Description** The issue arises when revoked certificates due for renewal are automatically renewed, ignoring the Certificate Revocation List (CRL). This means that even if a certificate has been revoked, the system will still renew it, potentially allowing unauthorized access. **Recommendations** For Icinga 2 versions 2.8.0 through 2.11.7, update to version 2.11.8 or later. For Icinga 2 version 2.12.2, update to version 2.12.3 or later.