CNNVD-202507-2232 Information

CNNVD ID

CNNVD-202507-2232

Related CVE

CVE-2025-53840

• CNNVD Published: 2025-07-16

Description (Chinese)

Icinga DB Web是Icinga开源的一个Icinga DB数据库的图形界面。 Icinga DB Web 1.2.0至1.2.2之前版本存在信息泄露漏洞，该漏洞源于依赖视图访问控制不当，可能导致用户查看未授权主机和服务。

Description (English)

Icinga DB Web is a graphical interface to an Icinga DB database from Icinga Open Source. There was an information leakage loophole in the pre-Icinga DB Web 1.2.0 to 1.2.2, which stemmed from inadequate access controls based on a view, which could lead users to view unauthorized hosts and services.

Hazard Level

Critical

Vulnerability Type

信息泄露

Affected Vendor

icom

Published

2025-07-16

Last Modified

2026-02-24

References

https://github.com/Icinga/icingadb-web/releases/tag/v1.2.2 https://github.com/Icinga/icingadb-web/security/advisories/GHSA-q2w7-mrx8-5473

Patch

https://github.com/Icinga/icingadb-web/releases