Unrated severityNVD Advisory· Published Mar 8, 2022· Updated Apr 23, 2025

Arbitrary code execution for authenticated users in Icinga Web 2

CVE-2022-24715

Description

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Authenticated users, with access to the configuration, can create SSH resource files in unintended directories, leading to the execution of arbitrary code. This issue has been resolved in versions 2.8.6, 2.9.6 and 2.10 of Icinga Web 2. Users unable to upgrade should limit access to the Icinga Web 2 configuration.

Affected products

Icinga/Icingaweb2v5
Range: < 2.8.6

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

security.gentoo.org/glsa/202208-05mitrevendor-advisory
packetstormsecurity.com/files/173516/Icinga-Web-2.10-Remote-Code-Execution.htmlmitre
github.com/Icinga/icingaweb2/commit/a06d915467ca943a4b406eb9587764b8ec34cafbmitre
github.com/Icinga/icingaweb2/security/advisories/GHSA-v9mv-h52f-7g63mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.058
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000