Headline
GHSA-w9pg-7c3h-fc8j: ipl/web's `ipl\Web\Common\CsrfCounterMeasure` is susceptible to CSRF
Impact
Some of the recent development by Icinga is, under certain circumstances, susceptible to cross site request forgery. (CSRF)
Affected products:
- Icinga Web (>=2.12.0)
- Icinga DB Web (>=1.0.0)
- Icinga Notifications Web (>=0.1.0)
- Icinga Web JIRA Integration (>=1.3.0)
All affected products, in any version, will be unaffected by this once icinga-php-library is upgraded.
Patches
Version 0.10.1 will include a fix for this. It will be published as part of the icinga-php-library v0.14.1 release.
- GitHub Advisory Database
- GitHub Reviewed
- CVE-2024-41811
ipl/web’s `ipl\Web\Common\CsrfCounterMeasure` is susceptible to CSRF
Low severity GitHub Reviewed Published Aug 5, 2024 in Icinga/ipl-web • Updated Aug 5, 2024
Package
Affected versions
< 0.10.1
Impact
Some of the recent development by Icinga is, under certain circumstances, susceptible to cross site request forgery. (CSRF)
Affected products:
- Icinga Web (>=2.12.0)
- Icinga DB Web (>=1.0.0)
- Icinga Notifications Web (>=0.1.0)
- Icinga Web JIRA Integration (>=1.3.0)
All affected products, in any version, will be unaffected by this once icinga-php-library is upgraded.
Patches
Version 0.10.1 will include a fix for this. It will be published as part of the icinga-php-library v0.14.1 release.
References
- GHSA-w9pg-7c3h-fc8j
- Icinga/ipl-web@492336f
Published to the GitHub Advisory Database
Aug 5, 2024