Icinga Addresses CSRF Vulnerability in ipl/web
CVE-2024-41811

3.9LOW

Key Information:

Vendor: Icinga
Status: Ipl-web
Vendor: CVE Published:; 5 August 2024

What is CVE-2024-41811?

ipl/web is a set of common web components for php projects. Some of the recent development by Icinga is, under certain circumstances, susceptible to cross site request forgery. (CSRF). All affected products, in any version, will be unaffected by this once icinga-php-library is upgraded. Version 0.10.1 includes a fix for this. It will be published as part of the icinga-php-library v0.14.1 release.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

ipl-web < 0.10.1

References

https://github.com/Icinga/ipl-web/security/advisories/GHS...

x_refsource_CONFIRM

https://github.com/Icinga/ipl-web/commit/492336fdb57a5bb0...

x_refsource_MISC

CVSS V3.1

Score:

3.9

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Aug 5, 2024
Vulnerability Reserved
Jul 22, 2024

JSON

Icinga