CVE-2021-32739

🗓️ 15 Jul 2021 15:15:00Reported by ubuntu.comType

ubuntucve

ubuntucve🔗 ubuntu.com👁 24 Views

Icinga monitoring system privilege escalation vulnerabilit

Reporter	Title	Published	Views	Family All 34
CNNVD	Icinga 安全漏洞	15 Jul 202100:00	–	cnnvd
CVE	CVE-2021-32739	15 Jul 202114:55	–	cve
Cvelist	CVE-2021-32739 Results of queries for ApiListener objects include the ticket salt which allows in turn to steal (more privileged) identities	15 Jul 202114:55	–	cvelist
Debian	[SECURITY] [DLA 2816-1] icinga2 security update	10 Nov 202121:42	–	debian
Debian	[SECURITY] [DLA 3953-1] icinga2 security update	15 Nov 202423:25	–	debian
Debian CVE	CVE-2021-32739	15 Jul 202114:55	–	debiancve
Tenable Nessus	Debian DLA-2816-1 : icinga2 - LTS security update	11 Nov 202100:00	–	nessus
Tenable Nessus	Debian dla-3953 : icinga2 - security update	18 Nov 202400:00	–	nessus
Tenable Nessus	GLSA-202412-08 : icinga2: Multiple Vulnerabilities	9 Dec 202400:00	–	nessus
Tenable Nessus	openSUSE 15 Security Update : icinga2 (openSUSE-SU-2021:1089-1)	25 Jul 202100:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Ubuntu	18.04	any	icinga2	0	icinga2_0_any.deb
Ubuntu	20.04	any	icinga2	0	icinga2_0_any.deb
Ubuntu	22.04	any	icinga2	0	icinga2_0_any.deb
Ubuntu	24.04	any	icinga2	0	icinga2_0_any.deb
Ubuntu	25.10	any	icinga2	0	icinga2_0_any.deb
Ubuntu	26.04	any	icinga2	0	icinga2_0_any.deb

Source	Link
icinga	www.icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/
github	www.github.com/Icinga/icinga2/security/advisories/GHSA-98wp-jc6q-x5q5
icinga	www.icinga.com/blog/2021/07/02/releasing-icinga-2-12-5-2-11-10/
cve	www.cve.org/CVERecord

11 Jul 2025 07:47Current

7.1High risk

Vulners AI Score7.1

CVSS 26.5

CVSS 3.18.8

EPSS0.00297

icinga monitoring system privilege escalation authenticated api vulnerability version 2.4.0 version 2.12.4 ticket_salt apilistener credentials certificate identity theft fix version 2.12.5 version 2.11.10 workaround queryable types unix