vulnerability
Ubuntu: (CVE-2022-24715): icingaweb2 vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:M/Au:S/C:P/I:P/A:P) | Mar 8, 2022 | Jun 26, 2025 | Mar 27, 2026 |
Severity
6
CVSS
(AV:N/AC:M/Au:S/C:P/I:P/A:P)
Published
Mar 8, 2022
Added
Jun 26, 2025
Modified
Mar 27, 2026
Description
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Authenticated users, with access to the configuration, can create SSH resource files in unintended directories, leading to the execution of arbitrary code. This issue has been resolved in versions 2.8.6, 2.9.6 and 2.10 of Icinga Web 2. Users unable to upgrade should limit access to the Icinga Web 2 configuration.
Solution
no-fix-ubuntu-package
References
- CVE-2022-24715
- https://attackerkb.com/topics/CVE-2022-24715
- CWE-22
- EUVD-EUVD-2022-29576
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2022-29576
- https://github.com/Icinga/icingaweb2/commit/a06d915467ca943a4b406eb9587764b8ec34cafb
- https://github.com/Icinga/icingaweb2/security/advisories/GHSA-v9mv-h52f-7g63
- https://www.cve.org/CVERecord?id=CVE-2022-24715
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.