Candidate: CVE-2022-24715
PublicDate: 2022-03-08 20:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24715
 https://github.com/Icinga/icingaweb2/security/advisories/GHSA-v9mv-h52f-7g63
 https://github.com/Icinga/icingaweb2/commit/a06d915467ca943a4b406eb9587764b8ec34cafb
Description:
 Icinga Web 2 is an open source monitoring web interface, framework and
 command-line interface. Authenticated users, with access to the
 configuration, can create SSH resource files in unintended directories,
 leading to the execution of arbitrary code. This issue has been resolved in
 versions 2.8.6, 2.9.6 and 2.10 of Icinga Web 2. Users unable to upgrade
 should limit access to the Icinga Web 2 configuration.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [8.8 HIGH]


Patches_icingaweb2:
upstream_icingaweb2: released (2.9.6-1)
trusty_icingaweb2: ignored (out of standard support)
xenial_icingaweb2: ignored (out of standard support)
bionic_icingaweb2: needed
focal_icingaweb2: needed
impish_icingaweb2: needed
jammy_icingaweb2: needed
devel_icingaweb2: needed