Disclosure of hosts and related data, linked to decommissioned services in Icinga Web 2

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Installations of Icinga 2 with the IDO writer enabled are affected. If you use service custom variables in role restrictions, and you regularly decommission service objects, users with said roles may still have access to a collection of content. Note that this only applies if a role has implicitly permitted access to hosts, due to permitted access to at least one of their services. If access to a host is permitted by other means, no sensible information has been disclosed to unauthorized users. This issue has been resolved in versions 2.8.6, 2.9.6 and 2.10 of Icinga Web 2.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

授权机制不正确

Icinga Web 2 安全漏洞

Icinga Web 2是一个应用软件。Icinga Web 2是Icinga Project开发的下一代开源监控 Web 界面、框架和命令行界面，支持 Icinga 2、Icinga Core 和任何其他兼容 IDO 数据库的监控后端。 Icinga Web 2 存在安全漏洞，该漏洞源于启用IDO写入器的Icinga Web 2 的安装将受到影响。

N/A

N/A