Icinga Web 2 Vulnerability Allowing Navigation Breakage in Specific Configurations
CVE-2018-18250

7.5HIGH

Key Information:

Vendor: Icinga
Status: Icinga Web 2
Vendor: CVE Published:; 17 December 2018

What is CVE-2018-18250?

Icinga Web 2 versions before 2.6.2 are susceptible to a parameter injection vulnerability that can lead to navigation items breaking functionality. Specifically, a single '$' character used as the name of a navigation item can disrupt dashlet operations. This flaw poses a risk to users as it permits improper handling of navigation components within the web interface, potentially allowing for a compromised user experience.

References

https://herolab.usd.de/wp-content/uploads/sites/4/2018/12...

x_refsource_MISC

http://lists.opensuse.org/opensuse-security-announce/2020...

vendor-advisoryx_refsource_SUSE

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 17, 2018
Vulnerability Reserved
Oct 11, 2018

CVE-2018-18250 Data

JSON