Candidate: CVE-2020-24368
PublicDate: 2020-08-19 15:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24368
 https://github.com/Icinga/icingaweb2/blob/master/CHANGELOG.md
 https://github.com/Icinga/icingaweb2/issues/4226
Description:
 Icinga Icinga Web2 2.0.0 through 2.6.4, 2.7.4 and 2.8.2 has a Directory
 Traversal vulnerability which allows an attacker to access arbitrary files
 that are readable by the process running Icinga Web 2. This issue is fixed
 in Icinga Web 2 in v2.6.4, v2.7.4 and v2.8.2.
Ubuntu-Description:
Notes:
 ebarretto> only affects > 2.0.0
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N [7.5 HIGH]


Patches_icinga:
upstream_icinga: needs-triage
precise/esm_icinga: DNE
trusty_icinga: ignored (out of standard support)
trusty/esm_icinga: DNE
xenial_icinga: not-affected (code not present)
bionic_icinga: not-affected (code not present)
focal_icinga: DNE
devel_icinga: DNE