Vulnerabilidades en Icinga
28 resultadosCVE-2022-24716HIGHPath traversal in Icinga Web 2EPSS 89.4%CVE-2022-24715HIGHArbitrary code execution for authenticated users in Icinga Web 2EPSS 14.7%CVE-2024-49369CRITICALIcinga 2 has a TLS Certificate Validation Bypass for JSON-RPC and HTTP API ConnectionsEPSS 2.9%CVE-2021-32743HIGHPasswords used to access external services inadvertently exposed through APIEPSS 1.8%CVE-2021-37698HIGHMissing TLS service certificate validation in GelfWriter, ElasticsearchWriter, InfluxdbWriter and Influxdb2WriterEPSS 1.4%CVE-2021-32747MEDIUMCustom variable protection and blacklists can be circumventedEPSS 1.4%CVE-2021-32746MEDIUMPossible path traversal by use of the `doc` moduleEPSS 1.3%CVE-2022-24714MEDIUMDisclosure of hosts and related data, linked to decommissioned services in Icinga Web 2EPSS 1.2%CVE-2021-32739HIGHResults of queries for ApiListener objects include the ticket salt which allows in turn to steal (more privileged) identitiesEPSS 1.1%CVE-2025-27404HIGHIcinga Web 2 DOM-based XSS vulnerabilityEPSS 0.5%CVE-2025-61908HIGHIcinga 2 Denial of Service (DoS) By Dereferencing Invalid ReferenceEPSS 0.5%CVE-2025-48057CRITICALIcinga 2 certificate renewal might incorrectly renew an invalid certificateEPSS 0.4%CVE-2024-24820HIGHIcinga Director configuration is susceptible to Cross-Site Request ForgeryEPSS 0.4%CVE-2025-61907HIGHIcinga 2 API users could access restricted values in filter expressionsEPSS 0.4%CVE-2025-23203MEDIUMIcinga has rest API endpoints accessible to restricted usersEPSS 0.3%CVE-2025-61789MEDIUMIcinga DB Web hidden/protected custom variables are prone to filter enumerationEPSS 0.3%CVE-2025-27405HIGHIcinga Web 2 has XSS in embedded contentEPSS 0.3%CVE-2025-27406HIGHIcinga Reporting Stored XSS leads to SSRFEPSS 0.3%CVE-2025-53840LOWIcinga DB Web Exposure of Sensitive Information to an Unauthorized Actor vulnerabilityEPSS 0.3%CVE-2024-24819MEDIUMicingaweb2-module-incubator base implementation for HTML forms is susceptible to CSRFEPSS 0.3%