CVE-2018-6533
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2018-6533
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-6533.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2018-6533
- Downstream
- Published
- 2018-02-27T19:29:00Z
- Modified
- 2025-11-06T01:04:54.296831Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in Icinga 2.x through 2.8.1. By editing the init.conf file, Icinga 2 can be run as root. Following this the program can be used to run arbitrary code as root. This was fixed by no longer using init.conf to determine account information for any root-executed code (a larger issue than CVE-2017-16933).
- References
Affected packages
Git / github.com/icinga/icinga2
Affected versions
v2.*
v2.0.0
v2.0.1
v2.0.2
v2.1.0
v2.1.1
v2.2.0
v2.3.0
v2.3.1
v2.3.10
v2.3.11
v2.3.2
v2.3.3
v2.3.4
v2.3.5
v2.3.6
v2.3.7
v2.3.8
v2.3.9
v2.4.0
v2.4.1
v2.4.10
v2.4.2
v2.4.3
v2.4.4
v2.4.5
v2.4.6
v2.4.7
v2.4.8
v2.4.9
v2.5.0
v2.5.1
v2.5.2
v2.5.3
v2.5.4
v2.6.0
v2.6.1
v2.6.2
v2.6.3
v2.7.0
v2.7.1
v2.7.2
v2.8.0
v2.8.1