20 matches found
FreeBSD : Hidden/Protected custom variables are prone to filter enumeration (4553e4b3-addf-11f0-9b8d-40a6b7c3b3b8)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 4553e4b3-addf-11f0-9b8d-40a6b7c3b3b8 advisory. Icinga reports: An authorized user with access to Icinga DB Web, can use a custom variable in a filter...
CVE-2025-61789
Icinga DB Web provides a graphical interface for Icinga monitoring. Before 1.1.4 and 1.2.3, an authorized user with access to Icinga DB Web, can use a custom variable in a filter that is either protected by icingadb/protect/variables or hidden by icingadb/denylist/variables, to guess values...
DEBIAN-CVE-2025-61789
Icinga DB Web provides a graphical interface for Icinga monitoring. Before 1.1.4 and 1.2.3, an authorized user with access to Icinga DB Web, can use a custom variable in a filter that is either protected by icingadb/protect/variables or hidden by icingadb/denylist/variables, to guess values...
CVE-2025-61789
Icinga DB Web provides a graphical interface for Icinga monitoring. Before 1.1.4 and 1.2.3, an authorized user with access to Icinga DB Web, can use a custom variable in a filter that is either protected by icingadb/protect/variables or hidden by icingadb/denylist/variables, to guess values...
CVE-2025-61789 Icinga DB Web hidden/protected custom variables are prone to filter enumeration
Icinga DB Web provides a graphical interface for Icinga monitoring. Before 1.1.4 and 1.2.3, an authorized user with access to Icinga DB Web, can use a custom variable in a filter that is either protected by icingadb/protect/variables or hidden by icingadb/denylist/variables, to guess values...
CVE-2025-61789 Icinga DB Web hidden/protected custom variables are prone to filter enumeration
Icinga DB Web provides a graphical interface for Icinga monitoring. Before 1.1.4 and 1.2.3, an authorized user with access to Icinga DB Web, can use a custom variable in a filter that is either protected by icingadb/protect/variables or hidden by icingadb/denylist/variables, to guess values...
EUVD-2025-34795
Icinga DB Web provides a graphical interface for Icinga monitoring. Before 1.1.4 and 1.2.3, an authorized user with access to Icinga DB Web, can use a custom variable in a filter that is either protected by icingadb/protect/variables or hidden by icingadb/denylist/variables, to guess values...
CVE-2025-61789
Icinga DB Web (before 1.1.4 and 1.2.3) allows an authorized user to use a custom variable in a filter that is protected or hidden to guess its values; versions 1.1.4 and 1.2.3 return an error when such a variable is used. Affected product: Icinga DB Web; root cause: filter-enumeration of hidden/p...
CVE-2025-61789 Icinga DB Web hidden/protected custom variables are prone to filter enumeration
Icinga DB Web provides a graphical interface for Icinga monitoring. Before 1.1.4 and 1.2.3, an authorized user with access to Icinga DB Web, can use a custom variable in a filter that is either protected by icingadb/protect/variables or hidden by icingadb/denylist/variables, to guess values...
PT-2025-42499
Name of the Vulnerable Software and Affected Versions Icinga DB Web versions prior to 1.1.4 Icinga DB Web versions prior to 1.2.3 Description Icinga DB Web offers a graphical interface for Icinga monitoring. An authorized user with access to Icinga DB Web can utilize a custom variable within a...
Hidden/Protected custom variables are prone to filter enumeration
Icinga reports: An authorized user with access to Icinga DB Web, can use a custom variable in a filter that is either protected by icingadb/protect/variables or hidden by icingadb/denylist/variables, to guess values assigned to it...
EUVD-2025-21706
Malicious code in bioql PyPI...
CVE-2025-53840
Icinga DB Web provides a graphical interface for Icinga monitoring. Starting in version 1.2.0 and prior to version 1.2.2, users with access to Icinga Dependency Views, are allowed to see hosts and services that they weren't meant to on the dependency map. However, the name of an object will not b...
CVE-2025-53840
Icinga DB Web provides a graphical interface for Icinga monitoring. Starting in version 1.2.0 and prior to version 1.2.2, users with access to Icinga Dependency Views, are allowed to see hosts and services that they weren't meant to on the dependency map. However, the name of an object will not b...
CVE-2025-53840 Icinga DB Web Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Icinga DB Web provides a graphical interface for Icinga monitoring. Starting in version 1.2.0 and prior to version 1.2.2, users with access to Icinga Dependency Views, are allowed to see hosts and services that they weren't meant to on the dependency map. However, the name of an object will not b...
CVE-2025-53840 Icinga DB Web Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Icinga DB Web provides a graphical interface for Icinga monitoring. Starting in version 1.2.0 and prior to version 1.2.2, users with access to Icinga Dependency Views, are allowed to see hosts and services that they weren't meant to on the dependency map. However, the name of an object will not b...
CVE-2025-53840
Icinga DB Web contains an exposure in versions 1.2.0–1.2.1 where users with access to Dependency Views could see hosts and services they should not, due to improper access control on dependency views (filter/hosts and filter/services). The object name is not revealed and access to a host or servi...
CVE-2025-53840 Icinga DB Web Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Icinga DB Web provides a graphical interface for Icinga monitoring. Starting in version 1.2.0 and prior to version 1.2.2, users with access to Icinga Dependency Views, are allowed to see hosts and services that they weren't meant to on the dependency map. However, the name of an object will not b...
PT-2025-29826
Name of the Vulnerable Software and Affected Versions Icinga DB Web versions 1.2.0 through 1.2.1 Description Icinga DB Web, a graphical interface for Icinga monitoring, allows users with access to Icinga Dependency Views to view hosts and services they are not authorized to access on the dependen...
GHSA-W9PG-7C3H-FC8J ipl/web's `ipl\Web\Common\CsrfCounterMeasure` is susceptible to CSRF
Impact Some of the recent development by Icinga is, under certain circumstances, susceptible to cross site request forgery. CSRF Affected products: Icinga Web =2.12.0 Icinga DB Web =1.0.0 Icinga Notifications Web =0.1.0 Icinga Web JIRA Integration =1.3.0 All affected products, in any version, wil...