openSUSE: Security Advisory for icingaweb2 (openSUSE-SU-2020:0067_1)
Information
Severity
Family
CVSSv2 Base
CVSSv2 Vector
Solution Type
Created
Modified
Summary
The remote host is missing an update for the 'icingaweb2' package(s) announced via the openSUSE-SU-2020:0067_1 advisory.
Insight
This update for icingaweb2 to version 2.7.3 fixes the following issues:

icingaweb2 update to 2.7.3:
* Fixed an issue where servicegroups for roles with filtered objects were not available

icingaweb2 update to 2.7.2:
* Performance improvements and bug fixes

icingaweb2 update to 2.7.1:
* Highlight links in the notes of an object
* Fixed an issue where sort rules were no longer working
* Fixed an issue where statistics were shown with an anarchist way
* Fixed an issue where wildcards could not show results

icingaweb2 update to 2.7.0:
* New languages support
* Module developers now have additional ways to customize Icinga Web 2
* UI enhancements

icingaweb2 update to 2.6.3:
* Fixed various issues with LDAP
* Fixed issues with timezone
* UI enhancements
* Stability fixes

icingaweb2 update to 2.6.2:
You can find issues and features related to this release on our Roadmap. This bugfix release addresses the following topics:
* Database connections to MySQL 8 no longer fail
* LDAP connections now have a timeout configuration which defaults to 5 seconds
* User groups are now correctly loaded for externally authenticated users
* Filters are respected for all links in the host and service group overviews
* Fixed permission problems where host and service actions provided by modules were missing
* Fixed an SQL error in the contact list view when filtering for host groups
* Fixed time zone (DST) detection
* Fixed the contact details view if restrictions are active
* Doc parser and documentation fixes

Fix security issues:
- CVE-2018-18246: fixed a CSRF in moduledisable (boo#1119784)
- CVE-2018-18247: fixed an XSS via /icingaweb2/navigation/add (boo#1119785)
- CVE-2018-18248: fixed an XSS possible via query strings or a dir parameter (boo#1119801)
- CVE-2018-18249: fixed an injection of PHP ini-file directives that involves environment variables as a channel to send out information (boo#1119799)
- CVE-2018-18250: fixed parameters that can break navigation dashlets (boo#1119800)
- Remove setuid from new upstream spec file for the following dirs: /etc/icingaweb2, /etc/icingaweb/modules, /etc/icingaweb2/modules/setup, /etc/icingaweb2/modules/translation, /var/log/icingaweb2

icingaweb2 updated to 2.6.1:
- The command audit now logs a command's payload a ...

Description truncated. Please see the references for more information.
Affected Software
'icingaweb2' package(s) on openSUSE Leap 15.1, openSUSE Leap 15.0.
Detection Method
Checks if a vulnerable package version is present on the target host.
Solution
Please install the updated package(s).