Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2025-61789

Опубликовано: 16 окт. 2025
Источник: debian
EPSS Низкий

Описание

Icinga DB Web provides a graphical interface for Icinga monitoring. Before 1.1.4 and 1.2.3, an authorized user with access to Icinga DB Web, can use a custom variable in a filter that is either protected by icingadb/protect/variables or hidden by icingadb/denylist/variables, to guess values assigned to it. Versions 1.1.4 and 1.2.3 respond with an error if such a custom variable is used.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
icingadb-webfixed1.2.3-1package
icingadb-webno-dsatrixiepackage
icingadb-webno-dsabookwormpackage

Примечания

  • https://github.com/Icinga/icingadb-web/security/advisories/GHSA-w57j-28jc-8429

  • Fixed by: https://github.com/Icinga/icingadb-web/commit/5e982dad40ec379075307ab1693580138e675b18 (v1.2.3)

  • Fixed by: https://github.com/Icinga/icingadb-web/commit/79fc07e7ee4c3d43981487753e82d1f22e956dce (v1.1.4)

  • Fixed by: https://github.com/Icinga/icingadb-web/commit/3b13f094422bc2faded38e4195559a22a172d0ed (v1.1.4)

  • Fixed by: https://github.com/Icinga/icingadb-web/commit/fa4191363b83c8d3e7d854f623ad74b28ae08d7c (v1.1.4)

  • Fixed by: https://github.com/Icinga/icingadb-web/commit/489c8c457c8585e66d2cb502e30dbd8cb5c19e57 (v1.1.4)

  • https://icinga.com/blog/releasing-icinga-2-v2-15-1-2-14-7-and-2-13-13-and-icinga-db-web-v1-2-3-and-1-1-4/

EPSS

Процентиль: 15%
0.00048
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2025-61789

CVSS3: 5.3
ubuntu
4 месяца назад

Icinga DB Web provides a graphical interface for Icinga monitoring. Before 1.1.4 and 1.2.3, an authorized user with access to Icinga DB Web, can use a custom variable in a filter that is either protected by icingadb/protect/variables or hidden by icingadb/denylist/variables, to guess values assigned to it. Versions 1.1.4 and 1.2.3 respond with an error if such a custom variable is used.

nvd логотип

CVE-2025-61789

CVSS3: 5.3
nvd
4 месяца назад

Icinga DB Web provides a graphical interface for Icinga monitoring. Before 1.1.4 and 1.2.3, an authorized user with access to Icinga DB Web, can use a custom variable in a filter that is either protected by icingadb/protect/variables or hidden by icingadb/denylist/variables, to guess values assigned to it. Versions 1.1.4 and 1.2.3 respond with an error if such a custom variable is used.

EPSS

Процентиль: 15%
0.00048
Низкий