|Category:||Web application abuses|
|Title:||Icinga Web 2 < 2.8.2 Directory Traversal Vulnerability|
|Summary:||Icinga Web 2 is prone to a directory traversal vulnerability.|
Icinga Web 2 is prone to a directory traversal vulnerability.
The vulnerability allows an attacker to access arbitrary files which are
readable by the process running Icinga Web 2. (This is usually the web server or fpm process)
To exploit this vulnerability the attacker has to acquire the following knowledge:
- The URI at which Icinga Web 2 is accessible
- An installed additional (non-core) module, which can be leveraged (known public modules are businessprocess,
director, reporting, map and globe)
- The module's install path
A valid user login is NOT required.
An unauthenticated attacker may read arbitrary files.
Icinga Web 2 prior to version 2.8.2.
Update to version 2.8.2 or later.
Common Vulnerability Exposure (CVE) ID: CVE-2020-24368|
|Copyright||Copyright (C) 2020 Greenbone Networks GmbH|
|This is only one of 85075 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.