CVE-2022-24716
Icinga Web 2 <2.9.5 - Info Disclosure
Severity: HIGH. Exploited in the wild. Nuclei template available.
Exploitation Summary
CVE-2022-24716 has been observed exploited in the wild (reported by VulnCheck KEV).
EIP tracks 9 public exploits from researchers including Jacob Ebben, JacobEbben and 0x0Jackal, among them a Metasploit module, auxiliary/scanner/http/icinga_static_library_file_directory_traversal.
A Nuclei detection template is also available.
AI-analyzed exploit summary
This exploit leverages a path traversal vulnerability in Icinga Web 2 to disclose arbitrary files. It constructs a malicious URL to access files outside the intended directory, bypassing access controls.
Description
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unauthenticated users can leak the contents of files of the local system accessible to the web-server user, including `icingaweb2` configuration files with database credentials. This issue has been resolved in versions 2.9.6 and 2.10 of Icinga Web 2. Database credentials should be rotated.
Exploits (9)
This exploit leverages a path traversal vulnerability in Icinga Web 2 to disclose arbitrary files. It constructs a malicious URL to access files outside the intended directory, bypassing access controls.
This exploit leverages a path traversal vulnerability in Icinga Web 2 to disclose arbitrary files. It constructs a malicious URL to access files outside the intended directory, confirming the vulnerability by fetching the file content.
The repository contains a functional Python script that exploits CVE-2022-24716, an arbitrary file disclosure vulnerability in Icinga Web 2. The script sends a crafted HTTP request to read sensitive files (e.g., /etc/passwd) by appending the file path to a vulnerable endpoint.
This PoC exploits an arbitrary file disclosure vulnerability in Icinga Web 2 by crafting a URL to access sensitive files (e.g., /etc/passwd) without authentication. It checks for the presence of 'root:x:' in the response to confirm vulnerability.
This Go-based exploit demonstrates arbitrary file disclosure in Icinga Web 2 versions <2.8.6, <2.9.6, and <2.10 by leveraging a path traversal vulnerability in the `/icingaweb2/lib/icinga/icinga-php-thirdparty` endpoint.
This PoC exploits an arbitrary file disclosure vulnerability in Icinga Web 2 by crafting a URL to access files accessible to the web server user. It sends a GET request to the target URL and retrieves the content of the specified file.
This exploit leverages a path traversal vulnerability in Icinga Web 2 to disclose arbitrary files. The script sends a crafted HTTP request to read files from the server without authentication.
This repository contains a functional Python exploit for CVE-2022-24716, an arbitrary file disclosure vulnerability in Icinga Web 2 versions <2.8.6, <2.9.6, and <2.10. The exploit constructs a path traversal URL to retrieve sensitive files from the target system.
This Metasploit module exploits an unauthenticated directory traversal vulnerability in Icingaweb versions 2.9.0-2.9.5 and 2.8.0-2.8.5. It allows arbitrary file retrieval via a crafted GET request to the icinga-php-thirdparty library endpoint.
Nuclei Templates (1)
title:"Icinga" || http.title:"icinga" || http.title:"icinga web 2 login"
title="icinga web 2 login" || title="icinga"
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N