What is CVE-2022-24714?

CVE-2022-24714 is a vulnerability in Icinga Web 2, an open source monitoring web interface framework and command-line interface.

How does CVE-2022-24714 affect Icinga Web 2 installations?

CVE-2022-24714 affects installations of Icinga 2 with the IDO writer enabled.

What is the severity of CVE-2022-24714?

CVE-2022-24714 has a severity rating of 5.3 (medium).

What is the fix for CVE-2022-24714?

To fix CVE-2022-24714, users should update to a version of Icinga Web 2 that is not affected, such as version 2.9.7 or later.

Where can I find more information about CVE-2022-24714?

You can find more information about CVE-2022-24714 on the GitHub commit, GitHub security advisories, and Gentoo security advisory linked in the references.

Vulnerability/
CVE-2022-24714

medium

5.3

CWE

863

8/3/2022

3/8/2024

CVE-2022-24714: Disclosure of hosts and related data, linked to decommissioned services in Icinga Web 2

First published: Tue Mar 08 2022(Updated: )

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Installations of Icinga 2 with the IDO writer enabled are affected. If you use service custom variables in role restrictions, and you regularly decommission service objects, users with said roles may still have access to a collection of content. Note that this only applies if a role has implicitly permitted access to hosts, due to permitted access to at least one of their services. If access to a host is permitted by other means, no sensible information has been disclosed to unauthorized users. This issue has been resolved in versions 2.8.6, 2.9.6 and 2.10 of Icinga Web 2.

Credit: security-advisories@github.com

Affected Software	Affected Version	How to fix
Icinga Icinga Web 2	<2.8.6
Icinga Icinga Web 2	>=2.9.0<2.9.6

Remedy

https://github.com/Icinga/icingaweb2/commit/6e989d05a1568a6733a3d912001251acc51d9293

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2022-24714?
CVE-2022-24714 is a vulnerability in Icinga Web 2, an open source monitoring web interface framework and command-line interface.
How does CVE-2022-24714 affect Icinga Web 2 installations?
CVE-2022-24714 affects installations of Icinga 2 with the IDO writer enabled.
What is the severity of CVE-2022-24714?
CVE-2022-24714 has a severity rating of 5.3 (medium).
What is the fix for CVE-2022-24714?
To fix CVE-2022-24714, users should update to a version of Icinga Web 2 that is not affected, such as version 2.9.7 or later.
Where can I find more information about CVE-2022-24714?
You can find more information about CVE-2022-24714 on the GitHub commit, GitHub security advisories, and Gentoo security advisory linked in the references.

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/references
agent/author
agent/weakness
agent/remedy
agent/last-modified-date
agent/title
agent/severity
agent/first-publish-date
agent/tags
agent/description
agent/event
vendor/icinga
canonical/icinga icinga web 2
version/icinga icinga web 2/2.9.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.