Candidate: CVE-2022-24716
PublicDate: 2022-03-08 20:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24716
 https://github.com/Icinga/icingaweb2/security/advisories/GHSA-5p3f-rh28-8frw
 https://github.com/Icinga/icingaweb2/commit/9931ed799650f5b8d5e1dc58ea3415a4cdc5773d
Description:
 Icinga Web 2 is an open source monitoring web interface, framework and
 command-line interface. Unauthenticated users can leak the contents of
 files of the local system accessible to the web-server user, including
 `icingaweb2` configuration files with database credentials. This issue has
 been resolved in versions 2.9.6 and 2.10 of Icinga Web 2. Database
 credentials should be rotated.
 
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N [7.5 HIGH]


Patches_icingaweb2:
upstream_icingaweb2: released (2.9.6-1)
trusty_icingaweb2: ignored (out of standard support)
xenial_icingaweb2: ignored (out of standard support)
bionic_icingaweb2: not-affected (code not present)
focal_icingaweb2: not-affected (code not present)
impish_icingaweb2: not-affected (code not present)
jammy_icingaweb2: needed
devel_icingaweb2: needed