| Title | Published | Views | Family | |
|---|---|---|---|---|
| CVE-2024-24820 | 9 Feb 2024 01:21 | – | circl | |
| Icinga Web 2 Cross-Site Request Forgery Vulnerability | 9 Feb 2024 00:00 | – | cnnvd | |
| CVE-2024-24820 | 9 Feb 2024 00:00 | – | cve | |
| CVE-2024-24820 Icinga Director configuration is susceptible to Cross-Site Request Forgery | 9 Feb 2024 00:00 | – | cvelist | |
| CVE-2024-24820 | 9 Feb 2024 00:00 | – | debiancve | |
| EUVD-2024-22190 | 3 Oct 2025 20:07 | – | euvd | |
| CVE-2024-24820 | 9 Feb 2024 00:15 | – | nvd | |
| CVE-2024-24820 Icinga Director configuration is susceptible to Cross-Site Request Forgery | 9 Feb 2024 00:00 | – | osv | |
| DEBIAN-CVE-2024-24820 | 9 Feb 2024 00:15 | – | osv | |
| UBUNTU-CVE-2024-24820 | 9 Feb 2024 00:15 | – | osv | |
| Source | Link |
|---|---|
| security-tracker | www.security-tracker.debian.org/tracker/CVE-2024-24820 |
| ubuntu | www.ubuntu.com/security/CVE-2024-24820 |
| cve | www.cve.mitre.org/cgi-bin/cvename.cgi |
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
# Description mode: register the plugin's metadata (identity, advisory text,
# scoring, affected platforms, prerequisites) and leave via exit(0) at the end
# of this branch. No host inspection happens here.
if (description)
{
# Plugin identity and the CVE this plugin tracks.
script_id(227976);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/04/29");
script_cve_id("CVE-2024-24820");
script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2024-24820");
script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
# The description embeds the CVE text: Icinga Director's configuration forms
# lack CSRF protection, so changes to the monitoring environment can be made
# through a victim's session without the victim noticing.
# NOTE(review): the sentences about the map module and the XSS issues in
# Icinga Web do not concern Director's CSRF flaw; they look carried over from
# the upstream advisory text - confirm before relying on them for triage.
# The closing sentence states that detection relies on package presence as
# reported by the vendor.
script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.
- Icinga Director is a tool designed to make Icinga 2 configuration handling easy. Not any of Icinga
Director's configuration forms used to manipulate the monitoring environment are protected against cross
site request forgery (CSRF). It enables attackers to perform changes in the monitoring environment managed
by Icinga Director without the awareness of the victim. Users of the map module in version 1.x, should
immediately upgrade to v2.0. The mentioned XSS vulnerabilities in Icinga Web are already fixed as well and
upgrades to the most recent release of the 2.9, 2.10 or 2.11 branch must be performed if not done yet. Any
later major release is also suitable. Icinga Director will receive minor updates to the 1.8, 1.9, 1.10 and
1.11 branches to remedy this issue. Upgrade immediately to a patched release. If that is not feasible,
disable the director module for the time being. (CVE-2024-24820)
Note that Nessus relies on the presence of the package as reported by the vendor.");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-24820");
script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/CVE-2024-24820");
# NOTE(review): "no known solution" presumably refers to the distro package
# status (see vendor_unpatched below). The description above still names two
# remediations: moving to a patched Director release, or disabling the
# director module until that is possible.
script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
script_set_attribute(attribute:"agent", value:"unix");
# Scoring. UI:R in the v3 vector matches the victim interaction that CSRF needs.
# NOTE(review): the v2 vector rates integrity only (C:N/I:P/A:N) while the v3
# vector rates C:H/I:H/A:L; the two disagree on confidentiality and
# availability impact - confirm against the cvss_score_source.
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:U/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:U/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-24820");
# Exploitability flags; consistent with the proof-of-concept maturity in the
# temporal vectors above (E:POC / E:P).
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
# Marks the finding as one the distro vendor has not patched.
script_set_attribute(attribute:"vendor_unpatched", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2024/02/09");
script_set_attribute(attribute:"plugin_publication_date", value:"2025/03/05");
# Declared as a local check.
script_set_attribute(attribute:"plugin_type", value:"local");
# Affected platforms (Ubuntu 20.04/22.04/24.04 LTS, Debian 11/12) and the
# distro package carrying the vulnerable module.
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:20.04:-:lts");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:22.04:-:lts");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:24.04:-:lts");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:11.0");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:12.0");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:icingaweb2-module-director");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:icingaweb2-module-director");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2025-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
# Prerequisites: plugins that must run first and KB keys that must exist.
# "global_settings/vendor_unpatched" is among the required keys, so the plugin
# depends on that scan setting being present.
script_dependencies("set_linux_os_id.nasl", "ssh_get_info2.nasl");
script_require_keys("Host/OS/identifier", "Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched");
# NOTE(review): script_require_ports is passed KB key names rather than port
# numbers; presumably this makes the plugin eligible when any one of the
# listed OS keys is set - confirm against the scanner documentation.
script_require_ports("Host/OS/Debian Linux-11", "Host/OS/Debian Linux-12", "Host/OS/Ubuntu Linux-20.04", "Host/OS/Ubuntu Linux-22.04", "Host/OS/Ubuntu Linux-24.04");
exit(0);
}
# Runtime gates, evaluated in order before any package inspection.

# 1. Unpatched-vulnerability reporting has to be switched on in the scan's
#    global settings; otherwise leave quietly with an explanatory message.
if (!get_kb_item("global_settings/vendor_unpatched"))
{
  exit(0, "Unpatched Vulnerabilities Detection not active.");
}

# 2. Local checks must be enabled for this host.
if (!get_kb_item("Host/local_checks_enabled"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}

# 3. The dpkg package listing must have been stored in the KB. The same
#    "Host/Debian/dpkg-l" key is consulted for every targeted release.
if (empty_or_null(get_one_kb_item("Host/Debian/dpkg-l")))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}
include('linux_unpatched.inc');
# Per-distribution detection constraints handed to
# linux_unpatched::get_distro_constraints().
# Each top-level key is an OS identifier string; the same strings appear after
# "Host/OS/" in the script_require_ports() call of the description block.
# Each entry names the package manager listing to read ("dpkg-l") and a list
# of constraints, each pairing a release string with the packages to look for.
# Every release lists the single package "icingaweb2-module-director".
# NOTE(review): the package entries carry only a "reference" name and no
# version bound, so detection presumably fires on package presence alone -
# in line with the plugin description's closing sentence. If so, a host where
# the director module is disabled would still be reported; confirm against
# linux_unpatched.inc.
var distro_constraints_array = {
"Debian Linux-11": {
"package_manager": "dpkg-l",
"constraints": [
{
"release": "11",
"pkgs": [
{"reference": "icingaweb2-module-director"}
]
}
]
},
"Debian Linux-12": {
"package_manager": "dpkg-l",
"constraints": [
{
"release": "12",
"pkgs": [
{"reference": "icingaweb2-module-director"}
]
}
]
},
"Ubuntu Linux-20.04": {
"package_manager": "dpkg-l",
"constraints": [
{
"release": "20.04",
"pkgs": [
{"reference": "icingaweb2-module-director"}
]
}
]
},
"Ubuntu Linux-22.04": {
"package_manager": "dpkg-l",
"constraints": [
{
"release": "22.04",
"pkgs": [
{"reference": "icingaweb2-module-director"}
]
}
]
},
"Ubuntu Linux-24.04": {
"package_manager": "dpkg-l",
"constraints": [
{
"release": "24.04",
"pkgs": [
{"reference": "icingaweb2-module-director"}
]
}
]
}
};
# Ask the helper library for the constraints that apply to this host; an
# empty answer is audited as "not affected".
var distro_constraints_values = linux_unpatched::get_distro_constraints(distro_constraints_arr:distro_constraints_array);
if (empty_or_null(distro_constraints_values))
{
  audit(AUDIT_HOST_NOT, 'affected');
}

# Evaluate the selected constraints. The helper's return value is used
# verbatim as the finding's extra text.
var report = linux_unpatched::check_unpatched_constraints(distro_constraints_values:distro_constraints_values);

if (empty_or_null(report))
{
  # Nothing matched: record the host as not affected.
  audit(AUDIT_HOST_NOT, 'affected');
}
else
{
  # Raise a warning-severity finding on port 0 and stop.
  security_report_v4(port:0, severity:SECURITY_WARNING, extra:report);
  exit(0);
}