Insecure Access Control

Icinga Web 2 has insecure access control. Users may still have access to decommissioned service objects...

Icinga Web 2 < 2.8.6, 2.9.x < 2.9.6 Multiple Vulnerabilities

Icinga Web 2 is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:icinga:icingaweb2";...

UBUNTU-CVE-2022-24714

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Installations of Icinga 2 with the IDO writer enabled are affected. If you use service custom variables in role restrictions, and you regularly decommission service objects, users with said roles may...

Design/Logic Flaw

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Installations of Icinga 2 with the IDO writer enabled are affected. If you use service custom variables in role restrictions, and you regularly decommission service objects, users with said roles may...

CVE-2022-24714

CVE-2022-24714 affects Icinga Web 2 installations with the IDO writer enabled. The vulnerability stems from using service custom variables in role restrictions, which can allow users with specific roles to access a collection of content, if those roles granted access to hosts via at least one ser...

Information disclosure

The Cloud Controller in Cloud Foundry before 239 logs user-provided service objects at creation, which allows attackers to obtain sensitive user credential information via unspecified vectors...

CVE-2016-5006

The Cloud Controller in Cloud Foundry before 239 logs user-provided service objects at creation, which allows attackers to obtain sensitive user credential information via unspecified vectors...