CVE-2024-41811

2024-08-0521:15:38

CWE-352

GitHub_M

web.nvd.nist.gov

icinga

web components

csrf

vulnerability

upgrade

icinga-php-library

CVSS3

3.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L

AI Score

4.2

Confidence

High

EPSS

Percentile

9.4%

JSON

ipl/web is a set of common web components for php projects. Some of the recent development by Icinga is, under certain circumstances, susceptible to cross site request forgery. (CSRF). All affected products, in any version, will be unaffected by this once icinga-php-library is upgraded. Version 0.10.1 includes a fix for this. It will be published as part of the icinga-php-library v0.14.1 release.

Affected configurations

Vulners

Node

icingaicinga_web_2Range<0.10.1

VendorProductVersionCPE
icingaicinga_web_2*cpe:2.3:a:icinga:icinga_web_2:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
icinga	icinga_web_2	*	cpe:2.3:a:icinga:icinga_web_2::::::::

CNA Affected

[
  {
    "vendor": "Icinga",
    "product": "ipl-web",
    "versions": [
      {
        "version": "< 0.10.1",
        "status": "affected"
      }
    ]
  }
]