
Yhabteab

#26383 of 53,633
9.8 Total CVSS
Vulnerabilities · 1
PT-2025-22986
9.8
2025-05-27
Icinga 2 · Icinga 2 · CVE-2025-48057
**Name of the Vulnerable Software and Affected Versions**

- Icinga 2 versions prior to 2.12.12
- Icinga 2 versions prior to 2.13.12
- Icinga 2 versions prior to 2.14.6

**Description**

The issue affects Icinga 2, a monitoring system that checks network resource availability and generates performance data. It allows an attacker to obtain a valid certificate by tricking the `VerifyCertificate()` function into treating malicious certificates as valid. This occurs when Icinga 2 is built with OpenSSL older than version 1.1.0, such as on RHEL 7 or Amazon Linux 2. The attacker can then use the valid certificate to impersonate trusted nodes.

**Recommendations**

- For versions prior to 2.12.12, update to version 2.12.12 or later.
- For versions prior to 2.13.12, update to version 2.13.12 or later.
- For versions prior to 2.14.6, update to version 2.14.6 or later.

As a temporary workaround, consider checking the OpenSSL version with `icinga2 --version | grep OpenSSL` and updating Icinga 2 if affected.