Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CVE-2022-24715

🗓️ 08 Mar 2022 00:00:00Reported by GitHub_MType 
cve
 cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 126 Views🌐 WEB

Icinga Web 2 allows unauthorized SSH resource file creatio

Related
Detection
Affected
Refs
Paths
Social
ReporterTitlePublishedViews
Family
0day.today		Icinga Web 2.10 - Authenticated Remote Code Execution Exploit
15 Jul 202300:00
zdt
GithubExploit		Exploit for Path Traversal in Icinga Icinga_Web_2
20 Mar 202304:31
githubexploit
GithubExploit		Exploit for Path Traversal in Icinga Icinga_Web_2
8 Jul 202323:22
githubexploit
Circl		CVE-2022-24715
8 Mar 202222:40
circl
CNNVD		Icinga Web 2 路径遍历漏洞
8 Mar 202200:00
cnnvd
Cvelist		CVE-2022-24715 Arbitrary code execution for authenticated users in Icinga Web 2
8 Mar 202200:00
cvelist
Debian CVE		CVE-2022-24715
8 Mar 202200:00
debiancve
Exploit DB		Icinga Web 2.10 - Authenticated Remote Code Execution
15 Jul 202300:00
exploitdb
Tenable Nessus		GLSA-202208-05 : Icinga Web 2: Multiple Vulnerabilities
4 Aug 202200:00
nessus
Tenable Nessus		openSUSE 15 Security Update : icingaweb2 (openSUSE-SU-2022:0097-1)
1 Apr 202200:00
nessus
Rows per page
NVD
Vulners
Node
icingaicinga_web_2Range<2.8.6
OR
icingaicinga_web_2Range2.9.02.9.6
[
  {
    "vendor": "Icinga",
    "product": "icingaweb2",
    "versions": [
      {
        "version": "< 2.8.6",
        "status": "affected"
      },
      {
        "version": ">= 2.9.0, < 2.9.6",
        "status": "affected"
      }
    ]
  }
]
ParameterPositionPathDescriptionCWE
usernamerequest body/icingaweb2/authentication/loginAuthenticated login endpoint used to obtain a session for exploitation.CWE-22
passwordrequest body/icingaweb2/authentication/loginAuthenticated login endpoint used to obtain a session for exploitation.CWE-22
CSRFTokenrequest body/icingaweb2/authentication/loginAuthenticated login endpoint used to obtain a session for exploitation.CWE-22
formUIDrequest body/icingaweb2/authentication/loginAuthenticated login endpoint used to obtain a session for exploitation.CWE-22
btn_submitrequest body/icingaweb2/authentication/loginAuthenticated login endpoint used to obtain a session for exploitation.CWE-22
typerequest body/icingaweb2/config/createresourceCreate an SSH resource and upload a web shell enabling code execution.CWE-22
namerequest body/icingaweb2/config/createresourceCreate an SSH resource and upload a web shell enabling code execution.CWE-22
userrequest body/icingaweb2/config/createresourceCreate an SSH resource and upload a web shell enabling code execution.CWE-22
private_keyrequest body/icingaweb2/config/createresourceCreate an SSH resource and upload a web shell enabling code execution.CWE-22
formUIDrequest body/icingaweb2/config/createresourceCreate an SSH resource and upload a web shell enabling code execution.CWE-22
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
21 Nov 2024 06:50Current
8.7High risk
Vulners AI Score8.7
CVSS 26
CVSS 3.18.5 - 8.8
EPSS0.72512
SSVC
CWE-22
icinga web 2cve-2022-24715unauthorized accessssh resource filesecurity vulnerabilityconfiguration limit
126