vulnerability

Gentoo Linux: CVE-2024-49369: icinga2: Multiple Vulnerabilities

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
10	(AV:N/AC:L/Au:N/C:C/I:C/A:C)	11/12/2024	12/09/2024	02/18/2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published

11/12/2024

Added

12/09/2024

Modified

02/18/2025

Description

Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. The TLS certificate validation in all Icinga 2 versions starting from 2.4.0 was flawed, allowing an attacker to impersonate both trusted cluster nodes as well as any API users that use TLS client certificates for authentication (ApiUser objects with the client_cn attribute set). This vulnerability has been fixed in v2.14.3, v2.13.10, v2.12.11, and v2.11.12.

Solution

gentoo-linux-upgrade-net-analyzer-icinga2

References

CVE-2024-49369
https://attackerkb.com/topics/CVE-2024-49369
GENTOO-202412-08

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today