
CVE-2018-6533
https://notcve.org/view.php?id=CVE-2018-6533
27 Feb 2018 — An issue was discovered in Icinga 2.x through 2.8.1. By editing the init.conf file, Icinga 2 can be run as root. Following this the program can be used to run arbitrary code as root. This was fixed by no longer using init.conf to determine account information for any root-executed code (a larger issue than CVE-2017-16933). • https://github.com/Icinga/icinga2/pull/5850

CVE-2018-6536
https://notcve.org/view.php?id=CVE-2018-6536
02 Feb 2018 — An issue was discovered in Icinga 2.x through 2.8.1. The daemon creates an icinga2.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for icinga2.pid modification before a root script executes a "kill `cat /pathname/icinga2.pid`" command, as demonstrated by icinga2.init.d.cmake. • https://github.com/Icinga/icinga2/issues/5991 • CWE-732: Incorrect Permission Assignment for Critical Resource

CVE-2017-16933
https://notcve.org/view.php?id=CVE-2017-16933
24 Nov 2017 — etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.1 has a chown call for a filename in a user-writable directory, which allows local users to gain privileges by leveraging access to the $ICINGA2_USER account for creation of a link. • https://github.com/Icinga/icinga2/issues/5793 • CWE-732: Incorrect Permission Assignment for Critical Resource