PT-2021-6530 · Icinga+1 · Icinga Web 2+1

Nilmerg · Published 2021-07-12 · Updated 2021-07-15 · CVE-2021-32746

CVSS v2.0: 6.3 (Medium)

Vector: AV:N/AC:M/Au:S/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Icinga Web 2 versions 2.3.0 through 2.8.2

Description

The issue in Icinga Web 2's doc module allows an attacker to gain access to arbitrary files readable by the web-server user by visiting a certain route. The doc module must be manually enabled by an administrator, and users need explicit access permission to use it. This issue can be exploited remotely, allowing an attacker to access confidential data.

Recommendations

For versions 2.3.0 through 2.8.2, update to version 2.9.0, 2.8.3, or 2.7.5 to resolve the issue. As a temporary workaround, consider disabling the doc module or revoking permission to use it from all users.

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2022-01790
CVE-2021-32746
GHSA-CMGC-H4CX-3V43

Affected Products

Debian
Icinga Web 2