CVE-2018-18250 — Injection in WEB 2

CWE-74 — Injection6 documents6 sources

Severity

7.5HIGHNVD

EPSS

0.2%

top 53.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Icinga Icingaweb2 Icinga WEB 2

Timeline

PublishedDec 17

Latest updateMay 13

Description

Icinga Web 2 before 2.6.2 allows parameters that break navigation dashlets, as demonstrated by a single '$' character as the Name of a Navigation item.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDicinga/icinga_web_2< 2.6.2

▶Debianicinga/icingaweb2< 2.6.2-1+3

🔴Vulnerability Details

GHSA

GHSA-64hj-h2vf-7vhp: Icinga Web 2 before 2↗2022-05-13

▶

OSV

CVE-2018-18250: Icinga Web 2 before 2↗2018-12-17

▶

CVEList

CVE-2018-18250: Icinga Web 2 before 2↗2018-12-17

▶

📋Vendor Advisories

Debian

CVE-2018-18250: icingaweb2 - Icinga Web 2 before 2.6.2 allows parameters that break navigation dashlets, as d...↗2018

▶