Icinga Web 2 directory traversal | CVE-2022-24715
NAME
Icinga Web 2 directory traversal
- Platforms Affected:
Icinga Icinga Web 2 2.8.5
Icinga Icinga Web 2 2.9.5
Icinga Icinga Web 2 2.9.0 - Risk Level:
8.5 - Exploitability:
Unproven - Consequences:
Gain Access
DESCRIPTION
Icinga Web 2 could allow a remote authenticated attacker to traverse directories on the system, caused by improper configuration validation. An attacker could send a specially-crafted SSH resource file containing “dot dot” sequences (/../) to execute arbitrary code on the system.
CVSS 3.0 Information
- Privileges Required: Low
- User Interaction: None
- Scope: Changed
- Access Vector: Network
- Access Complexity: High
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
- Remediation Level: Official Fix
MITIGATION
Upgrade to the latest version of Icinga Web 2 (2.8.6, 2.9.6, 2.10 or later), available from the Icinga Web 2 GIT Repository. See References.
- Reference Link:
https://github.com/Icinga/icingaweb2/security/advisories/GHSA-v9mv-h52f-7g63 - Reference Link:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24715
If you like the site, please consider joining the telegram channel and supporting us on Patreon using the button below.