2 matches found
CVE-2025-53840
Icinga DB Web contains an exposure in versions 1.2.0–1.2.1 where users with access to Dependency Views could see hosts and services they should not, due to improper access control on dependency views (filter/hosts and filter/services). The object name is not revealed and access to a host or servi...
CVE-2025-61789
Icinga DB Web (before 1.1.4 and 1.2.3) allows an authorized user to use a custom variable in a filter that is protected or hidden to guess its values; versions 1.1.4 and 1.2.3 return an error when such a variable is used. Affected product: Icinga DB Web; root cause: filter-enumeration of hidden/p...