Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Authenticated users with access to the configuration can create SSH resource files in unintended directories, leading to the execution of arbitrary code. This issue has been resolved in versions 2.8.6, 2.9.6 and 2.10 of Icinga Web 2. Users unable to upgrade should limit access to the Icinga Web 2 configuration.
References
| Link | Resource |
|---|---|
| http://packetstormsecurity.com/files/173516/Icinga-Web-2.10-Remote-Code-Execution.html | |
| https://github.com/Icinga/icingaweb2/commit/a06d915467ca943a4b406eb9587764b8ec34cafb | Patch, Third Party Advisory |
| https://github.com/Icinga/icingaweb2/security/advisories/GHSA-v9mv-h52f-7g63 | Third Party Advisory |
| https://security.gentoo.org/glsa/202208-05 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2022-03-08T00:00:00
Updated: 2023-07-17T00:00:00
Reserved: 2022-02-10T00:00:00
Link: CVE-2022-24715
NVD Information
Status: Modified
Published: 2022-03-08T20:15:07.777
Modified: 2023-07-17T17:15:09.443
Link: CVE-2022-24715
Redhat Information
No data.
CWE