CVE-2020-24368
Description
Icinga Icinga Web2 2.0.0 through 2.6.4, 2.7.4 and 2.8.2 has a Directory Traversal vulnerability which allows an attacker to access arbitrary files that are readable by the process running Icinga Web 2. This issue is fixed in Icinga Web 2 in v2.6.4, v2.7.4 and v2.8.2.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
2.228
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2020-24368 are affected in Icinga 2 (x64) 2.6.3 | Windows |
| Vulnerabilities CVE-2020-24368 are affected in Icinga 2 (x64) 2.7.3 | Windows |
| Vulnerabilities CVE-2020-24368 are affected in Icinga 2 (x64) 2.8.1 | Windows |
| Vulnerabilities CVE-2020-24368 are affected in Icinga 2 2.6.3 | Windows |
| Vulnerabilities CVE-2020-24368 are affected in Icinga 2 2.7.3 | Windows |
| Vulnerabilities CVE-2020-24368 are affected in Icinga 2 2.8.1 | Windows |
| icingaweb2 security update(DSA-4747-1) icingaweb2_2.6.2-3+deb10u1_all.deb | Linux |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-349001 | Icinga 2 (x64) (2.15.0) |
| PATCH-349001 | Icinga 2 (x64) (2.15.0) |
| PATCH-349001 | Icinga 2 (x64) (2.15.0) |
| PATCH-349000 | Icinga 2 (2.15.0) |
| PATCH-349000 | Icinga 2 (2.15.0) |
| PATCH-349000 | Icinga 2 (2.15.0) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234