CVE-2021-32739

Опубликовано: 15 июл. 2021

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. From version 2.4.0 through version 2.12.4, a vulnerability exists that may allow privilege escalation for authenticated API users. With a read-ony user's credentials, an attacker can view most attributes of all config objects including ticket_salt of ApiListener. This salt is enough to compute a ticket for every possible common name (CN). A ticket, the master node's certificate, and a self-signed certificate are enough to successfully request the desired certificate from Icinga. That certificate may in turn be used to steal an endpoint or API user's identity. Versions 2.12.5 and 2.11.10 both contain a fix the vulnerability. As a workaround, one may either specify queryable types explicitly or filter out ApiListener objects.

Ссылки

https://github.com/Icinga/icinga2/security/advisories/GHSA-98wp-jc6q-x5q5
Exploit
Third Party Advisory
https://icinga.com/blog/2021/07/02/releasing-icinga-2-12-5-2-11-10/
Broken Link
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2021/11/msg00010.html
Mailing List
Third Party Advisory
https://github.com/Icinga/icinga2/security/advisories/GHSA-98wp-jc6q-x5q5
Exploit
Third Party Advisory
https://icinga.com/blog/2021/07/02/releasing-icinga-2-12-5-2-11-10/
Broken Link
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2021/11/msg00010.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/11/msg00010.html

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:icinga:icinga:*:*:*:*:*:*:*:*

Версия от 2.4.0 (включая) до 2.11.10 (исключая)

cpe:2.3:a:icinga:icinga:*:*:*:*:*:*:*:*

Версия от 2.12.0 (включая) до 2.12.5 (исключая)

Конфигурация 2

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 53%

0.00297

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-267

CWE-269

Связанные уязвимости

CVE-2021-32739

CVSS3: 8.8

ubuntu

больше 4 лет назад

Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. From version 2.4.0 through version 2.12.4, a vulnerability exists that may allow privilege escalation for authenticated API users. With a read-ony user's credentials, an attacker can view most attributes of all config objects including `ticket_salt` of `ApiListener`. This salt is enough to compute a ticket for every possible common name (CN). A ticket, the master node's certificate, and a self-signed certificate are enough to successfully request the desired certificate from Icinga. That certificate may in turn be used to steal an endpoint or API user's identity. Versions 2.12.5 and 2.11.10 both contain a fix the vulnerability. As a workaround, one may either specify queryable types explicitly or filter out ApiListener objects.

CVE-2021-32739

CVSS3: 8.8

debian

больше 4 лет назад

Icinga is a monitoring system which checks the availability of network ...

BDU:2022-02056

CVSS3: 8.8

fstec

больше 4 лет назад

Уязвимость системы мониторинга доступности сетевых ресурсов Icinga, связанная с небезопасным управлением привилегиями, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

openSUSE-SU-2021:1089-1

suse-cvrf

больше 4 лет назад

Security update for icinga2

EPSS

Процентиль: 53%

0.00297

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-267

CWE-269