Cross-Site Request Forgery in Icinga Web 2 Affects Monitoring Module
CVE-2018-18246

6.5MEDIUM

Key Information:

Vendor: Icinga
Status: Icinga Web 2
Vendor: CVE Published:; 17 December 2018

What is CVE-2018-18246?

Icinga Web 2 versions prior to 2.6.2 are susceptible to Cross-Site Request Forgery (CSRF), which could allow an attacker to manipulate monitoring configurations without authentication. This vulnerability enables unauthorized activation or deactivation of critical modules via unprotected web interface endpoints, potentially compromising the integrity and availability of system monitoring functionalities.

References

https://herolab.usd.de/wp-content/uploads/sites/4/2018/12...

x_refsource_MISC

http://lists.opensuse.org/opensuse-security-announce/2020...

vendor-advisoryx_refsource_SUSE

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 17, 2018
Vulnerability Reserved
Oct 11, 2018

CVE-2018-18246 Data

JSON