PT-2024-29578 · Icinga+1 · Icinga Notifications Web+5

Nilmerg · Published 2024-08-05 · Updated 2024-08-06 · CVE-2024-41811

CVSS v3.1: 3.9 (Low)

Vector: AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

Icinga Web versions 2.12.0 and later
Icinga DB Web versions 1.0.0 and later
Icinga Notifications Web versions 0.1.0 and later
Icinga Web JIRA Integration versions 1.3.0 and later

Description

The issue is related to cross-site request forgery (CSRF) under certain circumstances. All affected products will be unaffected once the icinga-php-library is upgraded.

Recommendations

For Icinga Web versions 2.12.0 and later, upgrade the icinga-php-library to version 0.10.1 or later, which will be published as part of the icinga-php-library v0.14.1 release.
For Icinga DB Web versions 1.0.0 and later, upgrade the icinga-php-library to version 0.10.1 or later, which will be published as part of the icinga-php-library v0.14.1 release.
For Icinga Notifications Web versions 0.1.0 and later, upgrade the icinga-php-library to version 0.10.1 or later, which will be published as part of the icinga-php-library v0.14.1 release.
For Icinga Web JIRA Integration versions 1.3.0 and later, upgrade the icinga-php-library to version 0.10.1 or later, which will be published as part of the icinga-php-library v0.14.1 release.

Exploit

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2024-41811
GHSA-W9PG-7C3H-FC8J

Affected Products

Debian
Icinga Db Web
Icinga Notifications Web
Icinga Web
Icinga Web Jira Integration
Icinga-Php-Library