Description
Icinga Icinga Web2 2.0.0 through 2.6.4, 2.7.4 and 2.8.2 has a Directory Traversal vulnerability which allows an attacker to access arbitrary files that are readable by the process running Icinga Web 2. This issue is fixed in Icinga Web 2 in v2.6.4, v2.7.4 and v2.8.2.
References (7)
Core 7
Core References
Release Notes, Third Party Advisory x_refsource_misc
https://github.com/Icinga/icingaweb2/blob/master/CHANGELOG.md
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/Icinga/icingaweb2/issues/4226
Vendor Advisory x_refsource_confirm
https://icinga.com/2020/08/19/icinga-web-security-release-v2-6-4-v2-7-4-and-v2-8-2/
Third Party Advisory vendor-advisory
x_refsource_debian
https://www.debian.org/security/2020/dsa-4747
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/08/msg00040.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00026.html
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/202208-05
Scores
CVSS v3
7.5
EPSS
0.0171
EPSS Percentile
82.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-22
Status
published
Products (4)
debian/debian_linux
9.0
debian/debian_linux
10
icinga/icinga_web_2
2.0.0 - 2.6.4
suse/package_hub
Published
Aug 19, 2020
Tracked Since
Feb 18, 2026