EPSS
Percentile
78.4%
Icinga is vulnerable to privilege escalation. The vulnerability exists due to the ability to view most attributes of all config objects including ticket_salt of ApiListener due to the lack of sanitization.
ticket_salt
ApiListener
github.com/Icinga/icinga2/security/advisories/GHSA-98wp-jc6q-x5q5
icinga.com/blog/2021/07/02/releasing-icinga-2-12-5-2-11-10/
lists.debian.org/debian-lts-announce/2021/11/msg00010.html
security-tracker.debian.org/tracker/CVE-2021-32739