Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv3

CVE-2020-24368

Published: 19/08/2020 Updated: 13/12/2022
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Subscribe to Icinga Web 2

Vulnerability Summary

Icinga Icinga Web2 2.0.0 up to and including 2.6.4, 2.7.4 and 2.8.2 has a Directory Traversal vulnerability which allows an malicious user to access arbitrary files that are readable by the process running Icinga Web 2. This issue is fixed in Icinga Web 2 in v2.6.4, v2.7.4 and v2.8.2.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

icinga icinga web 2

debian debian linux 9.0

debian debian linux 10

suse package_hub -

Vendor Advisories

Debian CVElist Bug Report Logs: CVE-2020-24368
Debian Bug report logs - #968833 CVE-2020-24368 Package: icingaweb2; Maintainer for icingaweb2 is Debian Nagios Maintainer Group <pkg-nagios-devel@listsaliothdebianorg>; Source for icingaweb2 is src:icingaweb2 (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Fri, 21 Aug 2020 21:21:02 UT ...
Debian Security Advisories: DSA-4747-1 icingaweb2 -- security update
A directory traversal vulnerability was discovered in Icinga Web 2, a web interface for Icinga, which could result in the disclosure of files readable by the process For the stable distribution (buster), this problem has been fixed in version 262-3+deb10u1 We recommend that you upgrade your icingaweb2 packages For the detailed security status ...

References

CWE-22https://github.com/Icinga/icingaweb2/blob/master/CHANGELOG.mdhttps://github.com/Icinga/icingaweb2/issues/4226https://icinga.com/2020/08/19/icinga-web-security-release-v2-6-4-v2-7-4-and-v2-8-2/https://www.debian.org/security/2020/dsa-4747https://lists.debian.org/debian-lts-announce/2020/08/msg00040.htmlhttp://lists.opensuse.org/opensuse-security-announce/2020-10/msg00026.htmlhttps://security.gentoo.org/glsa/202208-05https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968833https://nvd.nist.govhttps://www.debian.org/security/2020/dsa-4747
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671unauthorizedCVE-2024-4776CVE-2024-3407CVE-2024-26026CVE-2024-32888wirelessCVE-2024-4656template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook