Vulnerability Description
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Authenticated users, with access to the configuration, can create SSH resource files in unintended directories, leading to the execution of arbitrary code. This issue has been resolved in versions 2.8.6, 2.9.6 and 2.10 of Icinga Web 2. Users unable to upgrade should limit access to the Icinga Web 2 configuration.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Icinga | Icinga Web 2 | < 2.8.6 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/173516/Icinga-Web-2.10-Remote-Code-Executio
- https://github.com/Icinga/icingaweb2/commit/a06d915467ca943a4b406eb9587764b8ec34PatchThird Party Advisory
- https://github.com/Icinga/icingaweb2/security/advisories/GHSA-v9mv-h52f-7g63Third Party Advisory
- https://security.gentoo.org/glsa/202208-05Third Party Advisory
- http://packetstormsecurity.com/files/173516/Icinga-Web-2.10-Remote-Code-Executio
- https://github.com/Icinga/icingaweb2/commit/a06d915467ca943a4b406eb9587764b8ec34PatchThird Party Advisory
- https://github.com/Icinga/icingaweb2/security/advisories/GHSA-v9mv-h52f-7g63Third Party Advisory
- https://security.gentoo.org/glsa/202208-05Third Party Advisory
FAQ
What is CVE-2022-24715?
CVE-2022-24715 is a vulnerability with a CVSS score of 8.5 (HIGH). Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Authenticated users, with access to the configuration, can create SSH resource files in unintended direct...
How severe is CVE-2022-24715?
CVE-2022-24715 has been rated HIGH with a CVSS base score of 8.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-24715?
Check the references section above for vendor advisories and patch information. Affected products include: Icinga Icinga Web 2.