CVE-2021-37698

Опубликовано: 19 авг. 2021

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS2: 5

CVSS3: 7.5

Описание

Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. In versions 2.5.0 through 2.13.0, ElasticsearchWriter, GelfWriter, InfluxdbWriter and Influxdb2Writer do not verify the server's certificate despite a certificate authority being specified. Icinga 2 instances which connect to any of the mentioned time series databases (TSDBs) using TLS over a spoofable infrastructure should immediately upgrade to version 2.13.1, 2.12.6, or 2.11.11 to patch the issue. Such instances should also change the credentials (if any) used by the TSDB writer feature to authenticate against the TSDB. There are no workarounds aside from upgrading.

Релиз	Статус	Примечание
bionic	ignored	end of standard support, was needs-triage
devel	not-affected	2.13.5-1
esm-apps/bionic	needs-triage
esm-apps/focal	needs-triage
esm-apps/jammy	needs-triage
esm-apps/noble	not-affected	2.13.5-1
esm-apps/xenial	needs-triage
esm-infra-legacy/trusty	DNE
focal	ignored	end of standard support, was needs-triage
hirsute	ignored	end of life

Показывать по

Ссылки на источники

EPSS

Процентиль: 37%

0.00157

Низкий

5 Medium

CVSS2

7.5 High

CVSS3

Связанные уязвимости

CVE-2021-37698

CVSS3: 7.5

nvd

больше 4 лет назад

CVE-2021-37698

CVSS3: 7.5

debian

больше 4 лет назад

Icinga is a monitoring system which checks the availability of network ...

SUSE-SU-2022:3725-1

suse-cvrf

больше 3 лет назад

Security update for icinga2

EPSS

Процентиль: 37%

0.00157

Низкий

5 Medium

CVSS2

7.5 High

CVSS3

CVE-2021-37698

Описание

Пакет icinga2

Ссылки на источники

Связанные уязвимости