CVSS Base Vector:
The remote host is missing an update for the 'icingaweb2'
Linux Distribution Package(s) announced via the openSUSE-SU-2020:0067_1 advisory.
Checks if a vulnerable Linux Distribution Package version is present on the target host.
This update for icingaweb2 to version 2.7.3 fixes the following issues:
icingaweb2 update to 2.7.3:
* Fixed an issue where servicegroups for roles with filtered objects were
icingaweb2 update to 2.7.2:
* Performance imrovements and bug fixes
icingaweb2 update to 2.7.1:
* Highlight links in the notes of an object
* Fixed an issue where sort rules were no longer working
* Fixed an issue where statistics were shown with an anarchist way
* Fixed an issue where wildcards could no show results
icingaweb2 update to 2.7.0:
* New languages support
* Now module developers got additional ways to customize Icinga Web 2
* UI enhancements
icingaweb2 update to 2.6.3:
* Fixed various issues with LDAP
* Fixed issues with timezone
* UI enhancements
* Stability fixes
icingaweb2 update to 2.6.2:
You can find issues and features related to this release on our Roadmap.
This bugfix release addresses the following topics:
* Database connections to MySQL 8 no longer fail
* LDAP connections now have a timeout configuration which defaults to 5
* User groups are now correctly loaded for externally authenticated users
* Filters are respected for all links in the host and service group
* Fixed permission problems where host and service actions provided by
modules were missing
* Fixed an SQL error in the contact list view when filtering for host
* Fixed time zone (DST) detection
* Fixed the contact details view if restrictions are active
* Doc parser and documentation fixes
Fix security issues:
- CVE-2018-18246: fixed an CSRF in moduledisable (boo#1119784)
- CVE-2018-18247: fixed an XSS via /icingaweb2/navigation/add (boo#1119785)
- CVE-2018-18248: fixed an XSS attack is possible via query strings or a
dir parameter (boo#1119801)
- CVE-2018-18249: fixed an injection of PHP ini-file directives involves
environment variables as channel to send out information (boo#1119799)
- CVE-2018-18250: fixed parameters that can break navigation dashlets
- Remove setuid from new upstream spec file for following dirs:
/etc/icingaweb2, /etc/icingaweb/modules, /etc/icingaweb2/modules/setup,
icingaweb2 updated to 2.6.1:
- The command audit now logs a command's payload a ...
Description truncated. Please see the references for more information.
'icingaweb2' Linux Distribution Package(s) on openSUSE Leap 15.1, openSUSE Leap 15.0.
Please install the updated Linux Distribution Package(s).
NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)
Linux Distribution Package