Oval Definition:oval:org.opensuse.security:def:202224715
Revision Date:2022-05-25Version:1
Title:CVE-2022-24715
Description:

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Authenticated users, with access to the configuration, can create SSH resource files in unintended directories, leading to the execution of arbitrary code. This issue has been resolved in versions 2.8.6, 2.9.6 and 2.10 of Icinga Web 2. Users unable to upgrade should limit access to the Icinga Web 2 configuration.
Family:unixClass:vulnerability
Status:Reference(s):Mitre CVE-2022-24715
SUSE CVE-2022-24715
openSUSE-SU-2022:0087-1
openSUSE-SU-2022:0097-1
Platform(s):openSUSE Leap 15.3
Product(s):
Definition Synopsis
  • openSUSE Leap 15.3 is installed
  • AND Package Information
  • icingacli-2.8.6-bp153.2.3.1 is installed
  • AND icingacli is signed with openSUSE key
  • OR
  • icingaweb2-2.8.6-bp153.2.3.1 is installed
  • AND icingaweb2 is signed with openSUSE key
  • OR
  • icingaweb2-common-2.8.6-bp153.2.3.1 is installed
  • AND icingaweb2-common is signed with openSUSE key
  • OR
  • icingaweb2-vendor-HTMLPurifier-2.8.6-bp153.2.3.1 is installed
  • AND icingaweb2-vendor-HTMLPurifier is signed with openSUSE key
  • OR
  • icingaweb2-vendor-JShrink-2.8.6-bp153.2.3.1 is installed
  • AND icingaweb2-vendor-JShrink is signed with openSUSE key
  • OR
  • icingaweb2-vendor-Parsedown-2.8.6-bp153.2.3.1 is installed
  • AND icingaweb2-vendor-Parsedown is signed with openSUSE key
  • OR
  • icingaweb2-vendor-dompdf-2.8.6-bp153.2.3.1 is installed
  • AND icingaweb2-vendor-dompdf is signed with openSUSE key
  • OR
  • icingaweb2-vendor-lessphp-2.8.6-bp153.2.3.1 is installed
  • AND icingaweb2-vendor-lessphp is signed with openSUSE key
  • OR
  • icingaweb2-vendor-zf1-2.8.6-bp153.2.3.1 is installed
  • AND icingaweb2-vendor-zf1 is signed with openSUSE key
  • OR
  • php-Icinga-2.8.6-bp153.2.3.1 is installed
  • AND php-Icinga is signed with openSUSE key
    • BACK