icinga2-2.15.2-1.1 on GA media (moderate)

icinga2-2.15.2-1.1 on GA media Announcement ID: openSUSE-SU-2026:10113-1 Rating: moderate Cross-References: CVE-2026-24413 CVSS scores: CVE-2026-24413 SUSE : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2026-24413 SUSE : 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N...

UBUNTU-CVE-2026-24413

Icinga 2 is an open source monitoring system. Starting in version 2.3.0 and prior to versions 2.13.14, 2.14.8, and 2.15.2, the Icinga 2 MSI did not set appropriate permissions for the %ProgramData%\icinga2\var folder on Windows. This resulted in the its contents - including the private key of the...

CVE-2026-24413 Icinga has insecure permission of %ProgramData%\icinga2\var on Windows

Icinga 2 is an open source monitoring system. Starting in version 2.3.0 and prior to versions 2.13.14, 2.14.8, and 2.15.2, the Icinga 2 MSI did not set appropriate permissions for the %ProgramData%\icinga2\var folder on Windows. This resulted in the its contents - including the private key of the...

CVE-2026-24413

CVE-2026-24413 involves the Icinga 2 Windows ACL issue where the folder at C:\ProgramData\icinga2\var could be readable by all local users, potentially exposing the private key and synced configuration. Affected range: Icinga 2 versions starting with 2.3.0 up to 2.13.14, 2.14.8, and 2.15.2 (these...

CVE-2026-24413 Icinga has insecure permission of %ProgramData%\icinga2\var on Windows

Icinga 2 is an open source monitoring system. Starting in version 2.3.0 and prior to versions 2.13.14, 2.14.8, and 2.15.2, the Icinga 2 MSI did not set appropriate permissions for the %ProgramData%\icinga2\var folder on Windows. This resulted in the its contents - including the private key of the...

OPENSUSE-SU-2026:10113-1 icinga2-2.15.2-1.1 on GA media

These are all security issues fixed in the icinga2-2.15.2-1.1 package on the GA media of openSUSE Tumbleweed...

SUSE SLES12 Security Update : icinga2 (SUSE-SU-2025:02783-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:02783-1 advisory. - CVE-2025-48057: A certificate incorrectly treated as valid can allow an attacker to impersonate a trusted node bsc1243747. Tenable has...

OPENSUSE-SU-2025:15644-1 icinga2-2.15.1-1.1 on GA media

These are all security issues fixed in the icinga2-2.15.1-1.1 package on the GA media of openSUSE Tumbleweed...

EUVD-2018-18288

Malware in sbrugna...

EUVD-2020-6171

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2025-48057

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Icinga 2 is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. Pri...

Linux Distros Unpatched Vulnerability : CVE-2020-14004

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dirs script run as part of the icinga2 systemd service executes chmod 2750 /run/icinga2/cmd...

Linux Distros Unpatched Vulnerability : CVE-2018-6536

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Icinga 2.x through 2.8.1. The daemon creates an icinga2.pid file after dropping privileges to a non-root account, which might allow...

Security update for icinga2

This update for icinga2 fixes the following issues: CVE-2025-48057: A certificate incorrectly treated as valid can allow an attacker to impersonate a trusted node bsc1243747. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or...

CVE-2020-14004

An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dirs script run as part of the icinga2 systemd service executes chmod 2750 /run/icinga2/cmd. /run/icinga2 is under control of an unprivileged user by default. If /run/icinga2/cmd is a symlink, then it will by followed and arbitrar...

openSUSE Security Advisory (openSUSE-SU-2024:0372-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE 15 Security Update : icinga2 (openSUSE-SU-2024:0372-1)

The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2024:0372-1 advisory. Update to 2.13.10: - CVE-2024-49369: Fix TLS certificate validation bypass bsc1233310. Tenable has extracted the preceding description block directly fro...

openSUSE 15 Security Update : icinga2 (openSUSE-SU-2024:0371-1)

The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2024:0371-1 advisory. Update to 2.13.10: - CVE-2024-49369: Fix TLS certificate validation bypass bsc1233310. Tenable has extracted the preceding description block directly fro...

GLSA-202412-08 : icinga2: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202412-08 icinga2: Multiple Vulnerabilities Multiple vulnerabilities have been discovered in Icinga2. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description block directly...

icinga2: Multiple Vulnerabilities

Background Icinga2 is a distributed, general purpose, network monitoring engine. Description Multiple vulnerabilities have been discovered in Icinga2. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There ...