CVE-2022-24715
Published Mar 8, 2022
Last updated a year ago
Overview
- Description: Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Authenticated users, with access to the configuration, can create SSH resource files in unintended directories, leading to the execution of arbitrary code. This issue has been resolved in versions 2.8.6, 2.9.6 and 2.10 of Icinga Web 2. Users unable to upgrade should limit access to the Icinga Web 2 configuration.
- Source: security-advisories@github.com
- NVD status: Modified
Risk scores
CVSS 3.1
- Type: Primary
- Base score: 8.8
- Impact score: 5.9
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity: HIGH
CVSS 2.0
- Type: Primary
- Base score: 6
- Impact score: 6.4
- Exploitability score: 6.8
- Vector string: AV:N/AC:M/Au:S/C:P/I:P/A:P
Weaknesses
- security-advisories@github.com: CWE-22
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:icinga:icinga_web_2:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "31515B3D-01CA-4B3C-AF94-AD63FDE7F8B7",
            "versionEndExcluding": "2.8.6"
          },
          {
            "criteria": "cpe:2.3:a:icinga:icinga_web_2:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CE7D185F-C8C8-4401-B8F5-580DF83D5D79",
            "versionEndExcluding": "2.9.6",
            "versionStartIncluding": "2.9.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]