Description
Cross-site request forgery (CSRF) vulnerability in cmd.cgi in Icinga 1.8.5, 1.9.4, 1.10.2, and earlier allows remote attackers to hijack the authentication of users for unspecified commands via unspecified vectors, as demonstrated by bypassing authentication requirements for CVE-2013-7106.
References (5)
Core 5
Core References
Vendor Advisory x_refsource_confirm
https://dev.icinga.org/issues/5346
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2014-02/msg00061.html
Vendor Advisory x_refsource_misc
https://dev.icinga.org/issues/5250
Vendor Advisory x_refsource_confirm
https://www.icinga.org/2013/12/17/icinga-security-releases-1-10-2-1-9-4-1-8-5/
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/12/16/4
Scores
EPSS
0.0101
EPSS Percentile
58.9%
Details
CWE
CWE-352
Status
published
Products (37)
icinga/icinga
0.8.0
icinga/icinga
0.8.1
icinga/icinga
0.8.2
icinga/icinga
0.8.3
icinga/icinga
0.8.4
icinga/icinga
1.0 (2 CPE variants)
icinga/icinga
1.0.1
icinga/icinga
1.0.2
icinga/icinga
1.0.3
icinga/icinga
1.2.0
... and 27 more
Published
Jan 15, 2014
Tracked Since
Feb 18, 2026