CVE-2022-24715 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2022-24715 Interim 1 5 2023-09-06T23:30:41Z current 2022-03-10T02:58:00Z 2023-09-06T23:30:41Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2022-24715 Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Authenticated users, with access to the configuration, can create SSH resource files in unintended directories, leading to the execution of arbitrary code. This issue has been resolved in versions 2.8.6, 2.9.6 and 2.10 of Icinga Web 2. Users unable to upgrade should limit access to the Icinga Web 2 configuration. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GD5VHZVF4AMQ5DW6XK7XLRC3VYZWQGZW/ E-Mail link for openSUSE-SU-2022:0087-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IZ3SOPUOKOBQCVEVEU6YPIZRX5AB77WX/ E-Mail link for openSUSE-SU-2022:0097-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Package Hub 12 SUSE Package Hub 15 SP3 openSUSE Leap 15.3 icingacli-2.8.6-15.1 icingacli-2.8.6-bp153.2.3.1 icingaweb2-2.8.6-15.1 icingaweb2-2.8.6-bp153.2.3.1 icingaweb2-common-2.8.6-15.1 icingaweb2-common-2.8.6-bp153.2.3.1 icingaweb2-vendor-HTMLPurifier-2.8.6-15.1 icingaweb2-vendor-HTMLPurifier-2.8.6-bp153.2.3.1 icingaweb2-vendor-JShrink-2.8.6-15.1 icingaweb2-vendor-JShrink-2.8.6-bp153.2.3.1 icingaweb2-vendor-Parsedown-2.8.6-15.1 icingaweb2-vendor-Parsedown-2.8.6-bp153.2.3.1 icingaweb2-vendor-dompdf-2.8.6-15.1 icingaweb2-vendor-dompdf-2.8.6-bp153.2.3.1 icingaweb2-vendor-lessphp-2.8.6-15.1 icingaweb2-vendor-lessphp-2.8.6-bp153.2.3.1 icingaweb2-vendor-zf1-2.8.6-15.1 icingaweb2-vendor-zf1-2.8.6-bp153.2.3.1 php-Icinga-2.8.6-15.1 php-Icinga-2.8.6-bp153.2.3.1 icingacli-2.8.6-15.1 as a component of SUSE Package Hub 12 icingaweb2-2.8.6-15.1 as a component of SUSE Package Hub 12 icingaweb2-common-2.8.6-15.1 as a component of SUSE Package Hub 12 icingaweb2-vendor-HTMLPurifier-2.8.6-15.1 as a component of SUSE Package Hub 12 icingaweb2-vendor-JShrink-2.8.6-15.1 as a component of SUSE Package Hub 12 icingaweb2-vendor-Parsedown-2.8.6-15.1 as a component of SUSE Package Hub 12 icingaweb2-vendor-dompdf-2.8.6-15.1 as a component of SUSE Package Hub 12 icingaweb2-vendor-lessphp-2.8.6-15.1 as a component of SUSE Package Hub 12 icingaweb2-vendor-zf1-2.8.6-15.1 as a component of SUSE Package Hub 12 php-Icinga-2.8.6-15.1 as a component of SUSE Package Hub 12 icingacli-2.8.6-bp153.2.3.1 as a component of SUSE Package Hub 15 SP3 icingaweb2-2.8.6-bp153.2.3.1 as a component of SUSE Package Hub 15 SP3 icingaweb2-common-2.8.6-bp153.2.3.1 as a component of SUSE Package Hub 15 SP3 icingaweb2-vendor-HTMLPurifier-2.8.6-bp153.2.3.1 as a component of SUSE Package Hub 15 SP3 icingaweb2-vendor-JShrink-2.8.6-bp153.2.3.1 as a component of SUSE Package Hub 15 SP3 icingaweb2-vendor-Parsedown-2.8.6-bp153.2.3.1 as a component of SUSE Package Hub 15 SP3 icingaweb2-vendor-dompdf-2.8.6-bp153.2.3.1 as a component of SUSE Package Hub 15 SP3 icingaweb2-vendor-lessphp-2.8.6-bp153.2.3.1 as a component of SUSE Package Hub 15 SP3 icingaweb2-vendor-zf1-2.8.6-bp153.2.3.1 as a component of SUSE Package Hub 15 SP3 php-Icinga-2.8.6-bp153.2.3.1 as a component of SUSE Package Hub 15 SP3 icingacli-2.8.6-bp153.2.3.1 as a component of openSUSE Leap 15.3 icingaweb2-2.8.6-bp153.2.3.1 as a component of openSUSE Leap 15.3 icingaweb2-common-2.8.6-bp153.2.3.1 as a component of openSUSE Leap 15.3 icingaweb2-vendor-HTMLPurifier-2.8.6-bp153.2.3.1 as a component of openSUSE Leap 15.3 icingaweb2-vendor-JShrink-2.8.6-bp153.2.3.1 as a component of openSUSE Leap 15.3 icingaweb2-vendor-Parsedown-2.8.6-bp153.2.3.1 as a component of openSUSE Leap 15.3 icingaweb2-vendor-dompdf-2.8.6-bp153.2.3.1 as a component of openSUSE Leap 15.3 icingaweb2-vendor-lessphp-2.8.6-bp153.2.3.1 as a component of openSUSE Leap 15.3 icingaweb2-vendor-zf1-2.8.6-bp153.2.3.1 as a component of openSUSE Leap 15.3 php-Icinga-2.8.6-bp153.2.3.1 as a component of openSUSE Leap 15.3 Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Authenticated users, with access to the configuration, can create SSH resource files in unintended directories, leading to the execution of arbitrary code. This issue has been resolved in versions 2.8.6, 2.9.6 and 2.10 of Icinga Web 2. Users unable to upgrade should limit access to the Icinga Web 2 configuration. CVE-2022-24715 SUSE Package Hub 12:icingacli-2.8.6-15.1 SUSE Package Hub 12:icingaweb2-2.8.6-15.1 SUSE Package Hub 12:icingaweb2-common-2.8.6-15.1 SUSE Package Hub 12:icingaweb2-vendor-HTMLPurifier-2.8.6-15.1 SUSE Package Hub 12:icingaweb2-vendor-JShrink-2.8.6-15.1 SUSE Package Hub 12:icingaweb2-vendor-Parsedown-2.8.6-15.1 SUSE Package Hub 12:icingaweb2-vendor-dompdf-2.8.6-15.1 SUSE Package Hub 12:icingaweb2-vendor-lessphp-2.8.6-15.1 SUSE Package Hub 12:icingaweb2-vendor-zf1-2.8.6-15.1 SUSE Package Hub 12:php-Icinga-2.8.6-15.1 SUSE Package Hub 15 SP3:icingacli-2.8.6-bp153.2.3.1 SUSE Package Hub 15 SP3:icingaweb2-2.8.6-bp153.2.3.1 SUSE Package Hub 15 SP3:icingaweb2-common-2.8.6-bp153.2.3.1 SUSE Package Hub 15 SP3:icingaweb2-vendor-HTMLPurifier-2.8.6-bp153.2.3.1 SUSE Package Hub 15 SP3:icingaweb2-vendor-JShrink-2.8.6-bp153.2.3.1 SUSE Package Hub 15 SP3:icingaweb2-vendor-Parsedown-2.8.6-bp153.2.3.1 SUSE Package Hub 15 SP3:icingaweb2-vendor-dompdf-2.8.6-bp153.2.3.1 SUSE Package Hub 15 SP3:icingaweb2-vendor-lessphp-2.8.6-bp153.2.3.1 SUSE Package Hub 15 SP3:icingaweb2-vendor-zf1-2.8.6-bp153.2.3.1 SUSE Package Hub 15 SP3:php-Icinga-2.8.6-bp153.2.3.1 openSUSE Leap 15.3:icingacli-2.8.6-bp153.2.3.1 openSUSE Leap 15.3:icingaweb2-2.8.6-bp153.2.3.1 openSUSE Leap 15.3:icingaweb2-common-2.8.6-bp153.2.3.1 openSUSE Leap 15.3:icingaweb2-vendor-HTMLPurifier-2.8.6-bp153.2.3.1 openSUSE Leap 15.3:icingaweb2-vendor-JShrink-2.8.6-bp153.2.3.1 openSUSE Leap 15.3:icingaweb2-vendor-Parsedown-2.8.6-bp153.2.3.1 openSUSE Leap 15.3:icingaweb2-vendor-dompdf-2.8.6-bp153.2.3.1 openSUSE Leap 15.3:icingaweb2-vendor-lessphp-2.8.6-bp153.2.3.1 openSUSE Leap 15.3:icingaweb2-vendor-zf1-2.8.6-bp153.2.3.1 openSUSE Leap 15.3:php-Icinga-2.8.6-bp153.2.3.1 important 6 AV:N/AC:M/Au:S/C:P/I:P/A:P 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H