Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-w9pg-7c3h-fc8j: ipl/web's `ipl\Web\Common\CsrfCounterMeasure` is susceptible to CSRF

Impact

Some of the recent development by Icinga is, under certain circumstances, susceptible to cross site request forgery. (CSRF)

Affected products:

  • Icinga Web (>=2.12.0)
  • Icinga DB Web (>=1.0.0)
  • Icinga Notifications Web (>=0.1.0)
  • Icinga Web JIRA Integration (>=1.3.0)

All affected products, in any version, will be unaffected by this once icinga-php-library is upgraded.

Patches

Version 0.10.1 will include a fix for this. It will be published as part of the icinga-php-library v0.14.1 release.

ghsa
#csrf#web#git#php#jira
  1. GitHub Advisory Database
  2. GitHub Reviewed
  3. CVE-2024-41811

ipl/web’s `ipl\Web\Common\CsrfCounterMeasure` is susceptible to CSRF

Low severity GitHub Reviewed Published Aug 5, 2024 in Icinga/ipl-web • Updated Aug 5, 2024

Package

Affected versions

< 0.10.1

Impact

Some of the recent development by Icinga is, under certain circumstances, susceptible to cross site request forgery. (CSRF)

Affected products:

  • Icinga Web (>=2.12.0)
  • Icinga DB Web (>=1.0.0)
  • Icinga Notifications Web (>=0.1.0)
  • Icinga Web JIRA Integration (>=1.3.0)

All affected products, in any version, will be unaffected by this once icinga-php-library is upgraded.

Patches

Version 0.10.1 will include a fix for this. It will be published as part of the icinga-php-library v0.14.1 release.

References

  • GHSA-w9pg-7c3h-fc8j
  • Icinga/ipl-web@492336f

Published to the GitHub Advisory Database

Aug 5, 2024

ghsa: Latest News

GHSA-hxf5-99xg-86hw: cap-std doesn't fully sandbox all the Windows device filenames