Cross-Site Request Forgery in Icinga Web 2 Affects Monitoring Module
CVE-2018-18246

6.5MEDIUM

Key Information:

Vendor

Icinga

Status
Icinga Web 2
Vendor
CVE Published:
17 December 2018

What is CVE-2018-18246?

Icinga Web 2 versions prior to 2.6.2 are susceptible to Cross-Site Request Forgery (CSRF), which could allow an attacker to manipulate monitoring configurations without authentication. This vulnerability enables unauthorized activation or deactivation of critical modules via unprotected web interface endpoints, potentially compromising the integrity and availability of system monitoring functionalities.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://herolab.usd.de/wp-content/uploads/sites/4/2018/12...
x_refsource_MISC
http://lists.opensuse.org/opensuse-security-announce/2020...
vendor-advisoryx_refsource_SUSE

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.