CVSS: 7.5 • EPSS: 0% • CPEs: 4 • EXPL: 0

19 Aug 2021 — Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. In versions 2.5.0 through 2.13.0, ElasticsearchWriter, GelfWriter, InfluxdbWriter and Influxdb2Writer do not verify the server's certificate despite a certificate authority being specified. Icinga 2 instances which connect to any of the mentioned time series databases (TSDBs) using TLS over a spoofable infrastructure should immediately upgrade to version ... • https://github.com/Icinga/icinga2/releases/tag/v2.11.11 • CWE-295: Improper Certificate Validation •

CVSS: 8.8 • EPSS: 0% • CPEs: 3 • EXPL: 2

15 Jul 2021 — Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. In versions prior to 2.11.10 and from version 2.12.0 through version 2.12.4, some of the Icinga 2 features that require credentials for external services expose those credentials through the API to authenticated API users with read permissions for the corresponding object types. IdoMysqlConnection and IdoPgsqlConnection (every released version) expose th... • https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7 • CWE-202: Exposure of Sensitive Information Through Data Queries •

CVSS: 8.8 • EPSS: 0% • CPEs: 3 • EXPL: 1

15 Jul 2021 — Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. From version 2.4.0 through version 2.12.4, a vulnerability exists that may allow privilege escalation for authenticated API users. With a read-only user's credentials, an attacker can view most attributes of all config objects including `ticket_salt` of `ApiListener`. This salt is enough to compute a ticket for every possible common name (CN). A ticket, th... • https://github.com/Icinga/icinga2/security/advisories/GHSA-98wp-jc6q-x5q5 • CWE-267: Privilege Defined With Unsafe Actions CWE-269: Improper Privilege Management •

CVSS: 9.1 • EPSS: 0% • CPEs: 2 • EXPL: 0

15 Dec 2020 — Icinga 2 v2.8.0 through v2.11.7 and v2.12.2 has an issue where revoked certificates due for renewal will automatically be renewed, ignoring the CRL. This issue is fixed in Icinga 2 v2.11.8 and v2.12.3. Multiple vulnerabilities have been discovered in Ic... • https://github.com/Icinga/icinga2/compare/v2.12.1...v2.12.2 • CWE-295: Improper Certificate Validation •

CVSS: 7.8 • EPSS: 0% • CPEs: 6 • EXPL: 1

12 Jun 2020 — An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dirs script (run as part of the icinga2 systemd service) executes chmod 2750 /run/icinga2/cmd. /run/icinga2 is under control of an unprivileged user by default. If /run/icinga2/cmd is a symlink, then it will be followed and arbitrary files can be changed to mode 2750 by the unprivileged icinga2 user. • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00014.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •