rpm package
opensuse/icinga2&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/icinga2&distro=openSUSE%20Tumbleweed
Vulnerabilities (13)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-24413 | — | | | < 2.15.2-1.1 | 2.15.2-1.1 | Jan 29, 2026 | Icinga 2 is an open source monitoring system. Starting in version 2.3.0 and prior to versions 2.13.14, 2.14.8, and 2.15.2, the Icinga 2 MSI did not set appropriate permissions for the `%ProgramData%\icinga2\var` folder on Windows. This resulted in its contents - including the |
| CVE-2025-61909 | — | | | < 2.15.1-1.1 | 2.15.1-1.1 | Oct 16, 2025 | Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, the safe-reload script (also used during systemctl reload icinga2) and logrotate configuration shipped with Icinga 2 read the PID of the main Icinga 2 process from a PID file writable |
| CVE-2025-61908 | — | | | < 2.15.1-1.1 | 2.15.1-1.1 | Oct 16, 2025 | Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, when creating an invalid reference, such as a reference to null, dereferencing results in a segmentation fault. This can be used by any API user with access to an API endpoint that al |
| CVE-2025-61907 | — | | | < 2.15.1-1.1 | 2.15.1-1.1 | Oct 16, 2025 | Icinga 2 is an open source monitoring system. In Icinga 2 versions 2.4 through 2.15.0, filter expressions provided to the various /v1/objects endpoints could access variables or objects that would otherwise be inaccessible for the user. This allows authenticated API users to lear |
| CVE-2025-48057 | — | | | < 2.14.6-1.1 | 2.14.6-1.1 | May 27, 2025 | Icinga 2 is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. Prior to versions 2.12.12, 2.13.12, and 2.14.6, the VerifyCertificate() function can be tricked into incorrectly treating c |
| CVE-2024-49369 | — | | | < 2.14.3-1.1 | 2.14.3-1.1 | Nov 12, 2024 | Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. The TLS certificate validation in all Icinga 2 versions starting from 2.4.0 was flawed, allowing an attacker to impersonate b |
| CVE-2021-37698 | — | | | < 2.13.1-1.3 | 2.13.1-1.3 | Aug 19, 2021 | Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. In versions 2.5.0 through 2.13.0, ElasticsearchWriter, GelfWriter, InfluxdbWriter and Influxdb2Writer do not verify the serve |
| CVE-2021-32743 | — | | | < 2.13.1-1.3 | 2.13.1-1.3 | Jul 15, 2021 | Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. In versions prior to 2.11.10 and from version 2.12.0 through version 2.12.4, some of the Icinga 2 features that require crede |
| CVE-2021-32739 | — | | | < 2.13.1-1.3 | 2.13.1-1.3 | Jul 15, 2021 | Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. From version 2.4.0 through version 2.12.4, a vulnerability exists that may allow privilege escalation for authenticated API u |
| CVE-2020-29663 | — | | | < 2.13.1-1.3 | 2.13.1-1.3 | Dec 15, 2020 | Icinga 2 v2.8.0 through v2.11.7 and v2.12.2 has an issue where revoked certificates due for renewal will automatically be renewed, ignoring the CRL. This issue is fixed in Icinga 2 v2.11.8 and v2.12.3. |
| CVE-2020-14004 | — | | | < 2.13.1-1.3 | 2.13.1-1.3 | Jun 12, 2020 | An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dirs script (run as part of the icinga2 systemd service) executes chmod 2750 /run/icinga2/cmd. /run/icinga2 is under control of an unprivileged user by default. If /run/icinga2/cmd is a symlink, then it will by fo |
| CVE-2018-6534 | Med | 6.5 | | < 2.13.1-1.3 | 2.13.1-1.3 | Feb 27, 2018 | An issue was discovered in Icinga 2.x through 2.8.1. By sending specially crafted messages, an attacker can cause a NULL pointer dereference, which can cause the product to crash. |
| CVE-2017-16933 | Hig | 7.0 | | < 2.13.1-1.3 | 2.13.1-1.3 | Nov 24, 2017 | etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.1 has a chown call for a filename in a user-writable directory, which allows local users to gain privileges by leveraging access to the $ICINGA2_USER account for creation of a link. |