Описание
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unauthenticated users can leak the contents of files of the local system accessible to the web-server user, including icingaweb2 configuration files with database credentials. This issue has been resolved in versions 2.9.6 and 2.10 of Icinga Web 2. Database credentials should be rotated.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | code not present |
| devel | not-affected | 2.11.1-1 |
| esm-apps/bionic | not-affected | code not present |
| esm-apps/focal | not-affected | code not present |
| esm-apps/jammy | needed | |
| esm-apps/noble | not-affected | 2.11.1-1 |
| esm-apps/xenial | not-affected | code not present |
| focal | not-affected | code not present |
| impish | not-affected | code not present |
| jammy | needed |
Показывать по
EPSS
5 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unauthenticated users can leak the contents of files of the local system accessible to the web-server user, including `icingaweb2` configuration files with database credentials. This issue has been resolved in versions 2.9.6 and 2.10 of Icinga Web 2. Database credentials should be rotated.
Icinga Web 2 is an open source monitoring web interface, framework and ...
Уязвимость PHP фреймворка Icinga Web 2, позволяющая нарушителю выполнить произвольный код
EPSS
5 Medium
CVSS2
7.5 High
CVSS3