Icinga 2 is an open source monitoring system. In Icinga 2 versions 2.4 through 2.15.0, filter expressions provided to the various /v1/objects endpoints could access variables or objects that would otherwise be inaccessible for the user. This allows authenticated API users to learn information that should be hidden from them, including global variables not permitted by the variables permission and objects not permitted by the corresponding objects/query permissions. The vulnerability is fixed in versions 2.15.1, 2.14.7, and 2.13.13.
oryginał ENCVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XIcinga
APPIcinga2.15.02.4.0 – 2.13.13 (bez)2.14.0 – 2.14.7 (bez)
Powiązane podatności
Icinga 2: obejście weryfikacji certyfikatu umożliwia podszywanie się pod węzły
Icinga 2: błędna walidacja certyfikatów TLS umożliwia podszywanie się pod węzły klastra i użytkowników API
Icinga 2 v2.8.0 through v2.11.7 and v2.12.2 has an issue where revoked certificates due for renewal will autom...
Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, when creating...
Icinga Director is a tool designed to make Icinga 2 configuration handling easy. Not any of Icinga Director's ...