CVE-2024-24820 — Cross-Site Request Forgery in Icinga

CWE-352 — Cross-Site Request Forgery4 documents4 sources

Severity

8.3HIGHNVD

EPSS

0.1%

top 78.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Icinga Icingaweb2-module-director Icinga

Timeline

PublishedFeb 9

Description

Icinga Director is a tool designed to make Icinga 2 configuration handling easy. Not any of Icinga Director's configuration forms used to manipulate the monitoring environment are protected against cross site request forgery (CSRF). It enables attackers to perform changes in the monitoring environment managed by Icinga Director without the awareness of the victim. Users of the map module in version 1.x, should immediately upgrade to v2.0. The mentioned XSS vulnerabilities in Icinga Web are alrea…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:LExploitability: 2.8 | Impact: 5.5

Affected Packages3 packages

▶Debianicinga/icingaweb2-module-director< 1.11.1-1+1

▶CVEListV5icinga/icingaweb2-module-director4 versions+3

▶NVDicinga/icinga1.0.0 — 1.8.2+3

🔴Vulnerability Details

OSV

CVE-2024-24820: Icinga Director is a tool designed to make Icinga 2 configuration handling easy↗2024-02-09

▶

CVEList

Icinga Director configuration is susceptible to Cross-Site Request Forgery↗2024-02-09

▶

📋Vendor Advisories

Debian

CVE-2024-24820: icingaweb2-module-director - Icinga Director is a tool designed to make Icinga 2 configuration handling easy....↗2024

▶