CVE-2022-24715

Опубликовано: 08 мар. 2022

Источник: nvd

CVSS3: 8.5

CVSS3: 8.8

CVSS2: 6

EPSS Высокий

Описание

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Authenticated users, with access to the configuration, can create SSH resource files in unintended directories, leading to the execution of arbitrary code. This issue has been resolved in versions 2.8.6, 2.9.6 and 2.10 of Icinga Web 2. Users unable to upgrade should limit access to the Icinga Web 2 configuration.

Ссылки

http://packetstormsecurity.com/files/173516/Icinga-Web-2.10-Remote-Code-Execution.html
https://github.com/Icinga/icingaweb2/commit/a06d915467ca943a4b406eb9587764b8ec34cafb
Patch
Third Party Advisory
https://github.com/Icinga/icingaweb2/security/advisories/GHSA-v9mv-h52f-7g63
Third Party Advisory
https://security.gentoo.org/glsa/202208-05
Third Party Advisory
http://packetstormsecurity.com/files/173516/Icinga-Web-2.10-Remote-Code-Execution.html
https://github.com/Icinga/icingaweb2/commit/a06d915467ca943a4b406eb9587764b8ec34cafb
Patch
Third Party Advisory
https://github.com/Icinga/icingaweb2/security/advisories/GHSA-v9mv-h52f-7g63
Third Party Advisory
https://security.gentoo.org/glsa/202208-05
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:icinga:icinga_web_2:*:*:*:*:*:*:*:*

Версия до 2.8.6 (исключая)

cpe:2.3:a:icinga:icinga_web_2:*:*:*:*:*:*:*:*

Версия от 2.9.0 (включая) до 2.9.6 (исключая)

EPSS

Процентиль: 99%

0.72512

Высокий

8.5 High

CVSS3

8.8 High

CVSS3

6 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

CVE-2022-24715

CVSS3: 8.5

ubuntu

почти 4 года назад

CVE-2022-24715

CVSS3: 8.5

debian

почти 4 года назад

Icinga Web 2 is an open source monitoring web interface, framework and ...

openSUSE-SU-2022:0097-1

suse-cvrf

почти 4 года назад

Security update for icingaweb2

EPSS

Процентиль: 99%

0.72512

Высокий

8.5 High

CVSS3

8.8 High

CVSS3

6 Medium

CVSS2

Дефекты

CWE-22