CVSSv4: NA |
CVSSv3: 8.1 |
CVSSv2: 4.3 |
VMScore: 910 |
EPSS: 0.00245 |
KEV: Not Included
Published: 27/02/2018 Updated: 21/11/2024
Vulnerability Summary
An issue exists in Icinga 2.x up to and including 2.8.1. The lack of a constant-time password comparison function can disclose the password to an attacker.
Debian Bug report logs -
#883247
CVE-2017-16933: icinga2: root privilege escalation via prepare-dirs
Package:
icinga2;
Maintainer for icinga2 is Debian Nagios Maintainer Group <pkg-nagios-devel@listsaliothdebianorg>; Source for icinga2 is src:icinga2 (PTS, buildd, popcon)
Reported by: Henri Salo <henri@nervfi>
Da ...