CVE-2022-24716 Information

Description

Icinga Web 2 is an open source monitoring web interface framework and command-line interface. Unauthenticated users can leak the contents of files of the local system accessible to the web-server user including icingaweb2 configuration files with database credentials. This issue has been resolved in versions 2.9.6 and 2.10 of Icinga Web 2. Database credentials should be rotated.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Reference

https://github.com/Icinga/icingaweb2/security/advisories/GHSA-5p3f-rh28-8frw

https://github.com/Icinga/icingaweb2/commit/9931ed799650f5b8d5e1dc58ea3415a4cdc5773d

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

Base Score

7.5

Base Severity

HIGH
