CVSS3: 5.3 Medium
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score: 5.4 Medium
Confidence: High

CVSS2: 3.5 Low
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N

EPSS: 0.001 Low
Percentile: 42.9%

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Between versions 2.3.0 and 2.8.2, the doc module of Icinga Web 2 lets users view documentation directly in the UI. It must be enabled manually by an administrator, and users need explicit access permission to use it. With that access, a user who visits a certain route can read arbitrary files readable by the web-server user. The issue has been fixed in the 2.9.0, 2.8.3, and 2.7.5 releases. As a workaround, an administrator may disable the doc module or revoke permission to use it from all users.
OS | OS Version | Architecture | Package | Affected Package Version | Filename |
---|---|---|---|---|---|
Alpine | edge-community | noarch | icingaweb2 | < 2.9.0-r0 | UNKNOWN |
Alpine | 3.15-community | noarch | icingaweb2 | < 2.9.0-r0 | UNKNOWN |
Alpine | 3.16-community | noarch | icingaweb2 | < 2.9.0-r0 | UNKNOWN |
Alpine | 3.17-community | noarch | icingaweb2 | < 2.9.0-r0 | UNKNOWN |
Alpine | 3.18-community | noarch | icingaweb2 | < 2.9.0-r0 | UNKNOWN |
Alpine | 3.19-community | noarch | icingaweb2 | < 2.9.0-r0 | UNKNOWN |
Alpine | 3.20-community | noarch | icingaweb2 | < 2.9.0-r0 | UNKNOWN |