Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2022-24716
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Path traversal in Icinga Web 2
Source: NVD (National Vulnerability Database)
Vulnerability Description
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unauthenticated users can leak the contents of files of the local system accessible to the web-server user, including `icingaweb2` configuration files with database credentials. This issue has been resolved in versions 2.9.6 and 2.10 of Icinga Web 2. Database credentials should be rotated.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Icinga Web 2 路径遍历漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Icinga Web 2是一个应用软件。Icinga Web 2是Icinga Project开发的下一代开源监控 Web 界面、框架和命令行界面,支持 Icinga 2、Icinga Core 和任何其他兼容 IDO 数据库的监控后端。 Icinga Web 2 存在路径遍历漏洞,该漏洞源于未经认证的Icinga Web 2 用户可以泄露web-server用户可以访问的本地系统文件的内容,包括带有数据库凭据的“icingaweb2”配置文件。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
Icingaicingaweb2 >= 2.9.0, < 2.9.6 -
II. Public POCs for CVE-2022-24716
#POC DescriptionSource LinkShenlong Link
1Arbitrary File Disclosure Vulnerability in Icinga Web 2 <2.8.6, <2.9.6, <2.10https://github.com/JacobEbben/CVE-2022-24716POC Details
2CVE-2022-24716 (Arbitrary File Disclosure Icingaweb2)https://github.com/joaoviictorti/CVE-2022-24716POC Details
3Nonehttps://github.com/pumpkinpiteam/CVE-2022-24716POC Details
4Arbitrary File Disclosure Vulnerability in Icinga Web 2 <2.8.6, <2.9.6, <2.10https://github.com/doosec101/CVE-2022-24716POC Details
5Nonehttps://github.com/antisecc/CVE-2022-24716POC Details
6Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unauthenticated users can leak the contents of files of the local system accessible to the web-server user, including `icingaweb2` configuration files with database credentials. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-24716.yamlPOC Details
7CVE-2022-24716 (Arbitrary File Disclosure Icingaweb2)https://github.com/gmh5225/CVE-2022-24716-2POC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2022-24716
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same product: icingaweb2
Same vendor: Icinga
Same weakness: CWE-22
V. Comments for CVE-2022-24716

No comments yet

Leave a comment