PT-2022-16824 · Unknown+1 · Icinga Web 2+1
Nilmerg +1 · Published 2022-03-08 · Updated 2023-07-17
CVE-2022-24715
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Icinga Web 2 versions prior to 2.8.6
Icinga Web 2 versions prior to 2.9.6
Icinga Web 2 versions prior to 2.10
Description
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Authenticated users, with access to the configuration, can create SSH resource files in unintended directories, leading to the execution of arbitrary code.
Recommendations
For versions prior to 2.8.6, update to version 2.8.6 or later.
For versions prior to 2.9.6, update to version 2.9.6 or later.
For versions prior to 2.10, update to version 2.10 or later.
As a temporary workaround for users unable to upgrade, limit access to the Icinga Web 2 configuration.
Exploit
Fix
Path traversal
Weakness Enumeration
Related Identifiers
Affected Products
Debian
Icinga Web 2