CVE-2021-32739 – Results of queries for ApiListener objects include the ticket salt which allows in turn to steal (more privileged) identities
https://notcve.org/view.php?id=CVE-2021-32739
Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. From version 2.4.0 through version 2.12.4, a vulnerability exists that may allow privilege escalation for authenticated API users. With a read-ony user's credentials, an attacker can view most attributes of all config objects including `ticket_salt` of `ApiListener`. This salt is enough to compute a ticket for every possible common name (CN). A ticket, the master node's certificate, and a self-signed certificate are enough to successfully request the desired certificate from Icinga. • https://github.com/Icinga/icinga2/security/advisories/GHSA-98wp-jc6q-x5q5 https://icinga.com/blog/2021/07/02/releasing-icinga-2-12-5-2-11-10 https://lists.debian.org/debian-lts-announce/2021/11/msg00010.html • CWE-267: Privilege Defined With Unsafe Actions CWE-269: Improper Privilege Management •
CVE-2021-32747 – Custom variable protection and blacklists can be circumvented
https://notcve.org/view.php?id=CVE-2021-32747
Icinga Web 2 is an open source monitoring web interface, framework, and command-line interface. A vulnerability in which custom variables are exposed to unauthorized users exists between versions 2.0.0 and 2.8.2. Custom variables are user-defined keys and values on configuration objects in Icinga 2. These are commonly used to reference secrets in other configurations such as check commands to be able to authenticate with a service being checked. Icinga Web 2 displays these custom variables to logged in users with access to said hosts or services. • https://github.com/Icinga/icingaweb2/releases/tag/v2.7.5 https://github.com/Icinga/icingaweb2/releases/tag/v2.8.3 https://github.com/Icinga/icingaweb2/releases/tag/v2.9.0 https://github.com/Icinga/icingaweb2/security/advisories/GHSA-2xv9-886q-p7xx • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2021-32746 – Possible path traversal by use of the `doc` module
https://notcve.org/view.php?id=CVE-2021-32746
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Between versions 2.3.0 and 2.8.2, the `doc` module of Icinga Web 2 allows to view documentation directly in the UI. It must be enabled manually by an administrator and users need explicit access permission to use it. Then, by visiting a certain route, it is possible to gain access to arbitrary files readable by the web-server user. The issue has been fixed in the 2.9.0, 2.8.3, and 2.7.5 releases. • https://github.com/Icinga/icingaweb2/releases/tag/v2.7.5 https://github.com/Icinga/icingaweb2/releases/tag/v2.8.3 https://github.com/Icinga/icingaweb2/releases/tag/v2.9.0 https://github.com/Icinga/icingaweb2/security/advisories/GHSA-cmgc-h4cx-3v43 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2020-29663
https://notcve.org/view.php?id=CVE-2020-29663
Icinga 2 v2.8.0 through v2.11.7 and v2.12.2 has an issue where revoked certificates due for renewal will automatically be renewed, ignoring the CRL. This issue is fixed in Icinga 2 v2.11.8 and v2.12.3. Icinga versiones 2 v2.8.0 hasta v2.11.7 y versión v2.12.2, presenta un problema en donde los certificados revocados que deben renovarse serán renovados automáticamente, ignorando la CRL. Este problema es corregido en Icinga versiones 2 v2.11.8 y v2.12.3 • https://github.com/Icinga/icinga2/compare/v2.12.1...v2.12.2 https://github.com/Icinga/icinga2/security/advisories/GHSA-pcmr-2p2f-r7j6 • CWE-295: Improper Certificate Validation •
CVE-2020-24368
https://notcve.org/view.php?id=CVE-2020-24368
Icinga Icinga Web2 2.0.0 through 2.6.4, 2.7.4 and 2.8.2 has a Directory Traversal vulnerability which allows an attacker to access arbitrary files that are readable by the process running Icinga Web 2. This issue is fixed in Icinga Web 2 in v2.6.4, v2.7.4 and v2.8.2. Icinga Icinga Web 2 versiones 2.0.0 hasta 2.6.4, 2.7.4 y 2.8.2, presenta una vulnerabilidad de Salto de Directorio que permite a un atacante acceder a archivos arbitrarios que son legibles por el proceso que ejecuta Icinga Web 2. Este problema se corrigió en Icinga Web 2 en versiones v2.6.4, v2.7.4 y v2.8.2. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00026.html https://github.com/Icinga/icingaweb2/blob/master/CHANGELOG.md https://github.com/Icinga/icingaweb2/issues/4226 https://icinga.com/2020/08/19/icinga-web-security-release-v2-6-4-v2-7-4-and-v2-8-2 https://lists.debian.org/debian-lts-announce/2020/08/msg00040.html https://security.gentoo.org/glsa/202208-05 https://www.debian.org/security/2020/dsa-4747 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •