Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
icinga icinga vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2012-3441
The database creation script (module/idoutils/db/scripts/create_mysqldb.sh) in Icinga 1.7.1 grants access to all databases to the icinga user, which allows icinga users to access other databases via unspecified vectors.
Icinga Icinga 1.7.1
5.3
CVSSv3
CVE-2022-24714
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Installations of Icinga 2 with the IDO writer enabled are affected. If you use service custom variables in role restrictions, and you regularly decommission service objects, users with ...
Icinga Icinga Web 2
7.5
CVSSv3
CVE-2022-24716
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unauthenticated users can leak the contents of files of the local system accessible to the web-server user, including `icingaweb2` configuration files with database credentials. This is...
Icinga Icinga Web 2
3 Github repositories
8.8
CVSSv3
CVE-2022-24715
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Authenticated users, with access to the configuration, can create SSH resource files in unintended directories, leading to the execution of arbitrary code. This issue has been resolved ...
Icinga Icinga Web 2
1 EDB exploit
1 Github repository
6.5
CVSSv3
CVE-2018-18246
Icinga Web 2 prior to 2.6.2 has CSRF via /icingaweb2/config/moduledisable?name=monitoring to disable the monitoring module, or via /icingaweb2/config/moduleenable?name=setup to enable the setup module.
Icinga Icinga Web 2
5.4
CVSSv3
CVE-2018-18247
Icinga Web 2 prior to 2.6.2 has XSS via the /icingaweb2/navigation/add icon parameter.
Icinga Icinga Web 2
9.8
CVSSv3
CVE-2018-18249
Icinga Web 2 prior to 2.6.2 allows injection of PHP ini-file directives via vectors involving environment variables as the channel to send information to the attacker, such as a name=${PATH}_${APACHE_RUN_DIR}_${APACHE_RUN_USER} parameter to /icingaweb2/navigation/add or /icingawe...
Icinga Icinga Web 2
7.5
CVSSv3
CVE-2018-18250
Icinga Web 2 prior to 2.6.2 allows parameters that break navigation dashlets, as demonstrated by a single '$' character as the Name of a Navigation item.
Icinga Icinga Web 2
8.8
CVSSv3
CVE-2023-30607
icingaweb2-module-jira provides integration with Atlassian Jira. Starting in version 1.3.0 and prior to version 1.3.2, template and field configuration forms perform the deletion action before user input is validated, including the cross site request forgery token. This issue is ...
Icinga Icinga Web Jira Integration
6.1
CVSSv3
CVE-2018-18248
Icinga Web 2 has XSS via the /icingaweb2/monitoring/list/services dir parameter, the /icingaweb2/user/list query string, the /icingaweb2/monitoring/timeline query string, or the /icingaweb2/setup query string.
Icinga Icinga Web 2 2.6.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-12326
CVE-2024-44852
XSS
privilege escalation
CSRF
CVE-2024-12115
CVE-2024-38925
CVE-2024-38144
CVE-2024-6387
Home
/
Search Results
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »