CVE-2022-24714

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-24714
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-24714.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-24714
Aliases
  • GHSA-qcmg-vr56-x9wf
Published
2022-03-08T20:15:07Z
Modified
2024-05-30T03:35:00.076726Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Installations of Icinga 2 with the IDO writer enabled are affected. If you use service custom variables in role restrictions, and you regularly decommission service objects, users with said roles may still have access to a collection of content. Note that this only applies if a role has implicitly permitted access to hosts, due to permitted access to at least one of their services. If access to a host is permitted by other means, no sensible information has been disclosed to unauthorized users. This issue has been resolved in versions 2.8.6, 2.9.6 and 2.10 of Icinga Web 2.

References

Affected packages

Git / github.com/icinga/icingaweb2

Affected ranges

Type
GIT
Repo
https://github.com/icinga/icingaweb2
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v1.*

v1.0-11

v2.*

v2.0.0
v2.0.0-beta1
v2.0.0-beta2
v2.0.0-beta3
v2.0.0-rc1
v2.1.0
v2.1.1
v2.1.2
v2.2.0
v2.3.0
v2.3.1
v2.3.2
v2.3.3
v2.3.4
v2.4.0
v2.4.0-2
v2.4.1
v2.5.0
v2.5.1
v2.5.2
v2.5.3
v2.6.0
v2.6.1
v2.6.2
v2.7.0
v2.7.1
v2.8.0
v2.8.0-rc1
v2.9.0
v2.9.1
v2.9.2
v2.9.3
v2.9.4
v2.9.5