Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Icinga 2 certificate renewal might incorrectly renew an invalid certificate
Vulnerability Description
Icinga 2 is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. Prior to versions 2.12.12, 2.13.12, and 2.14.6, the VerifyCertificate() function can be tricked into incorrectly treating certificates as valid. This allows an attacker to send a malicious certificate request that is then treated as a renewal of an already existing certificate, resulting in the attacker obtaining a valid certificate that can be used to impersonate trusted nodes. This only occurs when Icinga 2 is built with OpenSSL older than version 1.1.0. This issue has been patched in versions 2.12.12, 2.13.12, and 2.14.6.
CVSS Information
N/A
Vulnerability Type
证书信任链回溯不恰当
Vulnerability Title
Icinga 安全漏洞
Vulnerability Description
Icinga是德国Icinga公司的一套可扩展的服务器、网络资源监控系统。 Icinga 2 2.12.12之前版本、2.13.12之前版本和2.14.6之前版本存在安全漏洞,该漏洞源于VerifyCertificate函数可能错误验证证书。
CVSS Information
N/A
Vulnerability Type
N/A