Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-24716

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unauthenticated users can leak the contents of files of the local system accessible to the web-server user, including icingaweb2 configuration files with database credentials. This issue has been resolved in versions 2.9.6 and 2.10 of Icinga Web 2. Database credentials should be rotated.

CVE
Open in Source
#vulnerability#web#auth

Impact

Unauthenticated users can leak the contents of files of the local system accessible to the web-server user, including icingaweb2 configuration files with database credentials.

Patches

This issue has been resolved in versions 2.9.6 and 2.10 of Icinga Web 2.

Database credentials should be rotated.

Workarounds

Only allow trusted source IP addresses to access to the icingaweb2 instance and the database.

References

Further technical details will be disclosed on https://blog.sonarsource.com/tag/security after some time.

For more information

If you have any questions or comments about this advisory, you can contact:

  • The original reporters, by sending an email to vulnerability.research [at] sonarsource.com;
  • The maintainers, by asking for assistance on the forums

Related news

Gentoo Linux Security Advisory 202208-05

Gentoo Linux Security Advisory 202208-5 - Multiple vulnerabilities have been found in Icinga Web 2, the worst of which could result in remote code execution. Versions less than 2.9.6 are affected.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE