Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Icinga 2 has a TLS Certificate Validation Bypass for JSON-RPC and HTTP API Connections
Vulnerability Description
Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. The TLS certificate validation in all Icinga 2 versions starting from 2.4.0 was flawed, allowing an attacker to impersonate both trusted cluster nodes as well as any API users that use TLS client certificates for authentication (ApiUser objects with the client_cn attribute set). This vulnerability has been fixed in v2.14.3, v2.13.10, v2.12.11, and v2.11.12.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
证书验证不恰当
Vulnerability Title
Icinga 信任管理问题漏洞
Vulnerability Description
Icinga是德国Icinga公司的一套可扩展的服务器、网络资源监控系统。 Icinga存在信任管理问题漏洞,该漏洞源于TLS证书验证存在缺陷。
CVSS Information
N/A
Vulnerability Type
N/A