Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
suseSuseOPENSUSE-SU-2022:0097-1
HistoryMar 31, 2022 - 12:00 a.m.

Security update for icingaweb2 (important)

2022-03-3100:00:00
lists.opensuse.org
27
icingaweb2
security update
vulnerabilities
cve-2022-24715
cve-2022-24714
ssh resources
arbitrary code execution
unwanted disclosure
opensuse
patch instructions

EPSS

0.004

Percentile

74.6%

JSON

An update that fixes two vulnerabilities is now available.

Description:

This update for icingaweb2 fixes the following issues:

icingaweb2 was updated to 2.8.6

This is a security release.

  • Security Fixes
  • CVE-2022-24715: SSH resources allow arbitrary code execution for
    authenticated users (GHSA-v9mv-h52f-7g63 boo#1196911)
  • CVE-2022-24714: Unwanted disclosure of hosts and related data, linked to
    decommissioned services (GHSA-qcmg-vr56-x9wf boo#1196913)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Backports SLE-15-SP3:

    zypper in -t patch openSUSE-2022-97=1

Related

openvas 1
suse 1
nessus 2
gentoo 1
cve 2
debiancve 2
githubexploit 3
veracode 2
ubuntucve 2
prion 2
cvelist 2
exploitdb 1
osv 2
nvd 2
zdt 1
packetstorm 1
openvas
openvas
Icinga Web 2 < 2.8.6, 2.9.x < 2.9.6 Multiple Vulnerabilities
2022-03-09 00:00:00
suse
suse
Security update for icingaweb2 (important)
2022-03-21 00:00:00
nessus
nessus
openSUSE 15 Security Update : icingaweb2 (openSUSE-SU-2022:0097-1)
2022-04-01 00:00:00
GLSA-202208-05 : Icinga Web 2: Multiple Vulnerabilities
2022-08-04 00:00:00
gentoo
gentoo
Icinga Web 2: Multiple Vulnerabilities
2022-08-04 00:00:00
cve
cve
CVE-2022-24714
2022-03-08 20:15:07
CVE-2022-24715
2022-03-08 20:15:07
debiancve
debiancve
CVE-2022-24715
2022-03-08 20:15:07
CVE-2022-24714
2022-03-08 20:15:07
githubexploit
githubexploit
Exploit for Path Traversal in Icinga Icinga Web 2
2023-07-08 23:22:28
Exploit for Path Traversal in Icinga Icinga Web 2
2023-03-20 04:31:32
Exploit for Path Traversal in Icinga Icinga Web 2
2023-07-08 19:00:47
veracode
veracode
Remote Code Execution (RCE)
2022-03-11 02:35:23
Insecure Access Control
2022-03-11 02:35:24
ubuntucve
ubuntucve
CVE-2022-24715
2022-03-08 00:00:00
CVE-2022-24714
2022-03-08 00:00:00
prion
prion
Design/Logic Flaw
2022-03-08 20:15:00
Code injection
2022-03-08 20:15:00
cvelist
cvelist
CVE-2022-24714 Disclosure of hosts and related data, linked to decommissioned services in Icinga Web 2
2022-03-08 19:55:09
CVE-2022-24715 Arbitrary code execution for authenticated users in Icinga Web 2
2022-03-08 00:00:00
exploitdb
exploitdb
Icinga Web 2.10 - Authenticated Remote Code Execution
2023-07-15 00:00:00
osv
osv
CVE-2022-24714
2022-03-08 20:15:07
CVE-2022-24715
2022-03-08 20:15:07
nvd
nvd
CVE-2022-24714
2022-03-08 20:15:07
CVE-2022-24715
2022-03-08 20:15:07
zdt
zdt
Icinga Web 2.10 - Authenticated Remote Code Execution Exploit
2023-07-15 00:00:00
packetstorm
packetstorm
Icinga Web 2.10 Remote Code Execution
2023-07-17 00:00:00

EPSS

0.004

Percentile

74.6%

JSON
Related for OPENSUSE-SU-2022:0097-1
openvas1suse1nessus2gentoo1cve2debiancve2githubexploit3veracode2ubuntucve2prion2cvelist2exploitdb1osv2nvd2zdt1packetstorm1