Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Icinga has insecure permission of %ProgramData%\icinga2\var on Windows
Vulnerability Description
Icinga 2 is an open source monitoring system. Starting in version 2.3.0 and prior to versions 2.13.14, 2.14.8, and 2.15.2, the Icinga 2 MSI did not set appropriate permissions for the `%ProgramData%\icinga2\var` folder on Windows. This resulted in the its contents - including the private key of the user and synced configuration - being readable by all local users. All installations on Windows are affected. Versions 2.13.14, 2.14.8, and 2.15.2 contains a fix. There are two possibilities to work around the issue without upgrading Icinga 2. Upgrade Icinga for Windows to at least version v1.13.4, v1.12.4, or v1.11.2. These version will automatically fix the ACLs for the Icinga 2 agent as well. Alternatively, manually update the ACL for the given folder `C:\ProgramData\icinga2\var` (and `C:\Program Files\WindowsPowerShell\modules\icinga-powershell-framework\certificate` to fix the issue for the Icinga for Windows as well) including every sub-folder and item to restrict access for general users, only allowing the Icinga service user and administrators access.
CVSS Information
N/A
Vulnerability Type
缺省权限不正确
Vulnerability Title
Icinga 2 安全漏洞
Vulnerability Description
Icinga 2是Icinga开源的一个监控系统。 Icinga 2 2.13.14之前版本、2.14.8之前版本和2.15.2之前版本存在安全漏洞,该漏洞源于Windows文件夹权限设置不当,可能导致所有本地用户可读取私钥和同步配置。
CVSS Information
N/A
Vulnerability Type
N/A