vulnerability
FreeBSD: VID-0a82bc4d-a129-11ef-8351-589cfc0f81b0 (CVE-2024-49369): icinga2 -- TLS Certificate Validation Bypass
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 10 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | Nov 12, 2024 | Nov 14, 2024 | Dec 10, 2025 |
Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
Nov 12, 2024
Added
Nov 14, 2024
Modified
Dec 10, 2025
Description
The Icinga project reports: Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. The TLS certificate validation in all Icinga 2 versions starting from 2.4.0 was flawed, allowing an attacker to impersonate both trusted cluster nodes as well as any API users that use TLS client certificates for authentication (ApiUser objects with the client_cn attribute set). This vulnerability has been fixed in v2.14.3, v2.13.10, v2.12.11, and v2.11.12.
Solution
freebsd-upgrade-package-icinga2
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.