Icinga Director Vulnerable to Cross-Site Request Forgery (CSRF) Attacks
CVE-2024-24820
What is CVE-2024-24820?
Icinga Director, a tool for simplifying Icinga 2 configuration handling, is vulnerable to Cross-Site Request Forgery (CSRF) attacks. The vulnerability allows attackers to make unauthorized changes in the monitoring environment managed by Icinga Director, effectively compromising its security. Users operating with version 1.x of the map module should immediately upgrade to version 2.0 or later to mitigate these risks. It is also essential for users of Icinga Web to upgrade to the latest releases of the 2.9, 2.10, or 2.11 branches to ensure comprehensive protection against any associated exploits. Alternatively, for immediate relief, consider disabling the director module until a secure version is applied. Prompt action is recommended to safeguard your Icinga infrastructure.

Affected Version(s)
icingaweb2-module-director >= 1.0.0, < 1.8.2 < 1.0.0, 1.8.2
icingaweb2-module-director >= 1.9.0, < 1.9.2 < 1.9.0, 1.9.2
icingaweb2-module-director >= 1.10.0, < 1.10.3 < 1.10.0, 1.10.3
