etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.1 has a chown call for a filename in a user-writable directory, which allows local users to gain privileges by leveraging access to the $ICINGA2_USER account for creation of a link.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | icinga2 | < 2.8.4-1 | icinga2_2.8.4-1_all.deb |
Debian | 11 | all | icinga2 | < 2.8.4-1 | icinga2_2.8.4-1_all.deb |
Debian | 10 | all | icinga2 | < 2.8.4-1 | icinga2_2.8.4-1_all.deb |
Debian | 999 | all | icinga2 | < 2.8.4-1 | icinga2_2.8.4-1_all.deb |
Debian | 13 | all | icinga2 | < 2.8.4-1 | icinga2_2.8.4-1_all.deb |