CVE-2024-24820
Icinga Director configuration is susceptible to Cross-Site Request Forgery
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Icinga Director is a tool designed to make Icinga 2 configuration handling easy. Not any of Icinga Director's configuration forms used to manipulate the monitoring environment are protected against cross site request forgery (CSRF). It enables attackers to perform changes in the monitoring environment managed by Icinga Director without the awareness of the victim. Users of the map module in version 1.x, should immediately upgrade to v2.0. The mentioned XSS vulnerabilities in Icinga Web are already fixed as well and upgrades to the most recent release of the 2.9, 2.10 or 2.11 branch must be performed if not done yet. Any later major release is also suitable. Icinga Director will receive minor updates to the 1.8, 1.9, 1.10 and 1.11 branches to remedy this issue. Upgrade immediately to a patched release. If that is not feasible, disable the director module for the time being.
Icinga Director es una herramienta manipulada para facilitar el manejo de la configuración de Icinga 2. Ninguno de los formularios de configuración de Icinga Director utilizados para manipular el entorno de monitoreo está protegido contra cross site request forgery (CSRF). Permite a los atacantes realizar cambios en el entorno de monitoreo administrado por Icinga Director sin el conocimiento de la víctima. Los usuarios del módulo de mapas en la versión 1.x deben actualizar inmediatamente a la versión 2.0. Las vulnerabilidades XSS mencionadas en Icinga Web también ya están solucionadas y se deben realizar actualizaciones a la versión más reciente de la rama 2.9, 2.10 o 2.11 si aún no se han hecho. Cualquier versión importante posterior también es adecuada. Icinga Director recibirá actualizaciones menores para las ramas 1.8, 1.9, 1.10 y 1.11 para solucionar este problema. Actualice inmediatamente a una versión parcheada. Si eso no es posible, desactive el módulo director por el momento.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2024-01-31 CVE Reserved
- 2024-02-09 CVE Published
- 2024-02-17 EPSS Updated
- 2024-08-01 CVE Updated
- 2024-08-01 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
References (6)
URL | Tag | Source |
---|---|---|
https://blog.mozilla.org/en/mozilla/firefox-rolls-out-total-cookie-protection-by-default-to-all-users-worldwide | Media Coverage | |
https://github.com/Icinga/icingaweb2-module-director/security/advisories/GHSA-3mwp-5p5v-j6q3 | Third Party Advisory | |
https://github.com/Icinga/icingaweb2/issues?q=is%3Aissue++is%3Aclosed+4979+4960+4947 | Issue Tracking | |
https://support.apple.com/en-is/guide/safari/sfri11471/16.0 | Third Party Advisory | |
https://www.chromium.org/updates/same-site | Issue Tracking |
URL | Date | SRC |
---|---|---|
https://github.com/nbuchwitz/icingaweb2-module-map/pull/86 | 2024-08-01 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Icinga Search vendor "Icinga" | Icinga Search vendor "Icinga" for product "Icinga" | >= 1.0.0 < 1.8.2 Search vendor "Icinga" for product "Icinga" and version " >= 1.0.0 < 1.8.2" | - |
Affected
| ||||||
Icinga Search vendor "Icinga" | Icinga Search vendor "Icinga" for product "Icinga" | >= 1.9.0 < 1.9.2 Search vendor "Icinga" for product "Icinga" and version " >= 1.9.0 < 1.9.2" | - |
Affected
| ||||||
Icinga Search vendor "Icinga" | Icinga Search vendor "Icinga" for product "Icinga" | >= 1.10.0 < 1.10.3 Search vendor "Icinga" for product "Icinga" and version " >= 1.10.0 < 1.10.3" | - |
Affected
| ||||||
Icinga Search vendor "Icinga" | Icinga Search vendor "Icinga" for product "Icinga" | >= 1.11.0 < 1.11.3 Search vendor "Icinga" for product "Icinga" and version " >= 1.11.0 < 1.11.3" | - |
Affected
|