
Test ID: 1.3.6.1.4.1.25623.1.0.144432
Category: Web application abuses
Title: Icinga Web 2 < 2.8.2 Directory Traversal Vulnerability
Summary: Icinga Web 2 is prone to a directory traversal vulnerability.
Description:
Summary:
Icinga Web 2 is prone to a directory traversal vulnerability.

Vulnerability Insight:
The vulnerability allows an attacker to access arbitrary files that are
readable by the process running Icinga Web 2 (usually the web server or FPM process).

To exploit this vulnerability the attacker has to acquire the following knowledge:

- The URI at which Icinga Web 2 is accessible

- An installed additional (non-core) module, which can be leveraged (known public modules are businessprocess, director, reporting, map and globe)

- The module's install path

A valid user login is NOT required.

Vulnerability Impact:
An unauthenticated attacker may read arbitrary files.

Affected Software/OS:
Icinga Web 2 prior to version 2.8.2.

Solution:
Update to version 2.8.2 or later.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2020-24368
Copyright: Copyright (C) 2020 Greenbone Networks GmbH

© 1998-2020 E-Soft Inc. All rights reserved.