CVE-2024-49369

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-49369
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-49369.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-49369
Aliases
  • GHSA-j7wq-r9mg-9wpv
Downstream
Related
Published
2024-11-12T17:15:08Z
Modified
2025-09-19T15:11:24.778176Z
Summary
[none]
Details

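Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. The TLS certificate validation in all Icinga 2 versions starting from 2.4.0 was flawed, allowing an attacker to impersonate both trusted cluster nodes and any API users that use TLS client certificates for authentication (ApiUser objects with the client_cn attribute set). This vulnerability has been fixed in v2.14.3, v2.13.10, v2.12.11, and v2.11.12. Note: the "Affected versions" list on this page also enumerates tags older than 2.4.0 (v0.* and v2.0.0 through v2.3.11), which this description places outside the vulnerable range; that part of the list appears to be over-inclusive, so compare a deployed version against the 2.4.0 lower bound and the fixed releases named here rather than against the tag list alone.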

References

Affected packages

Git / github.com/icinga/icinga2

Affected ranges

Type
GIT
Repo
https://github.com/icinga/icinga2
Events

Affected versions

v0.*

v0.0.1
v0.0.10
v0.0.11
v0.0.2
v0.0.3
v0.0.4
v0.0.5
v0.0.6
v0.0.7
v0.0.8
v0.0.9

v2.*

v2.0.0
v2.0.0-beta1
v2.0.0-beta2
v2.0.1
v2.0.2
v2.1.0
v2.1.1
v2.10.0
v2.10.1
v2.10.2
v2.10.3
v2.10.4
v2.10.5
v2.11.0
v2.11.0-rc1
v2.11.1
v2.11.10
v2.11.11
v2.11.2
v2.11.3
v2.11.4
v2.11.5
v2.11.6
v2.11.7
v2.11.8
v2.11.9
v2.12.0
v2.12.0-rc1
v2.12.1
v2.12.10
v2.12.2
v2.12.3
v2.12.4
v2.12.5
v2.12.6
v2.12.7
v2.12.8
v2.12.9
v2.13.0
v2.13.1
v2.13.2
v2.13.3
v2.13.4
v2.13.5
v2.13.6
v2.13.7
v2.13.8
v2.13.9
v2.14.0
v2.14.1
v2.14.2
v2.2.0
v2.3.0
v2.3.1
v2.3.10
v2.3.11
v2.3.2
v2.3.3
v2.3.4
v2.3.5
v2.3.6
v2.3.7
v2.3.8
v2.3.9
v2.4.0
v2.4.1
v2.4.10
v2.4.2
v2.4.3
v2.4.4
v2.4.5
v2.4.6
v2.4.7
v2.4.8
v2.4.9
v2.5.0
v2.5.1
v2.5.2
v2.5.3
v2.5.4
v2.6.0
v2.6.1
v2.6.2
v2.6.3
v2.7.0
v2.7.1
v2.7.2
v2.8.0
v2.8.1
v2.8.2
v2.8.3
v2.8.4
v2.9.0
v2.9.1
v2.9.2

Database specific

{
    "vanir_signatures": [
        {
            "target": {
                "file": "lib/base/tlsstream.cpp"
            },
            "signature_type": "Line",
            "digest": {
                "line_hashes": [
                    "279595544420860493825733674128942417962",
                    "24718734247597480691335375903066249456",
                    "89172401973734101650292888595731089400",
                    "149903972273766108388669566236840597674",
                    "67057621278556746671902870372363722150",
                    "153185862794558185755736396029713522541",
                    "85968439455258866222038609572423343754",
                    "139694276195249297533675998782341096309",
                    "338166328781303122435259843310226735720",
                    "233397638862856084711053370921457511263",
                    "301723187515516509542171470771452007410",
                    "191673743794103458358388566257465701011",
                    "202985005418529841930217952625599875120",
                    "242167146284163235571426736242269743971",
                    "84009811377386390834173240259683016151",
                    "196173602889104563018798752655826803515",
                    "228914361266340861840704453356978380587",
                    "12537444068894457229926020989449265977",
                    "212299768559660736030219222791774306316",
                    "152378592288222804787039109617757981830",
                    "190825040094703554374055408281413017291"
                ],
                "threshold": 0.9
            },
            "id": "CVE-2024-49369-0825a61a",
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://github.com/icinga/icinga2/commit/0419a2c36de408e9a703aec0962061ec9a285d3c"
        },
        {
            "target": {
                "function": "UnbufferedAsioTlsStream::IsVerifyOK",
                "file": "lib/base/tlsstream.cpp"
            },
            "signature_type": "Function",
            "digest": {
                "function_hash": "241011405338555829308671732241592525382",
                "length": 77.0
            },
            "id": "CVE-2024-49369-10ebf4ee",
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://github.com/icinga/icinga2/commit/8fed6608912c752b337d977f730547875a820831"
        },
        {
            "target": {
                "file": "lib/base/tlsstream.cpp"
            },
            "signature_type": "Line",
            "digest": {
                "line_hashes": [
                    "279595544420860493825733674128942417962",
                    "24718734247597480691335375903066249456",
                    "89172401973734101650292888595731089400",
                    "149903972273766108388669566236840597674",
                    "67057621278556746671902870372363722150",
                    "153185862794558185755736396029713522541",
                    "85968439455258866222038609572423343754",
                    "139694276195249297533675998782341096309",
                    "338166328781303122435259843310226735720",
                    "233397638862856084711053370921457511263",
                    "301723187515516509542171470771452007410",
                    "191673743794103458358388566257465701011",
                    "202985005418529841930217952625599875120",
                    "242167146284163235571426736242269743971",
                    "84009811377386390834173240259683016151",
                    "196173602889104563018798752655826803515",
                    "228914361266340861840704453356978380587",
                    "12537444068894457229926020989449265977",
                    "212299768559660736030219222791774306316",
                    "152378592288222804787039109617757981830",
                    "190825040094703554374055408281413017291"
                ],
                "threshold": 0.9
            },
            "id": "CVE-2024-49369-1114f3b0",
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://github.com/icinga/icinga2/commit/3504fc7ed688c10d86988e2029a65efc311393fe"
        },
        {
            "target": {
                "file": "lib/base/tlsstream.hpp"
            },
            "signature_type": "Line",
            "digest": {
                "line_hashes": [
                    "179573090970288280703978404179223919554",
                    "315080401256501916500337093241609526869",
                    "246473645120483932116135828108416170532",
                    "83273584453133107311431066683123353737",
                    "124735037642982328530169178838440821394",
                    "290701547331227072088017258415387771596",
                    "227822597694406976352434620639782250186",
                    "226264902076968289407236433721833348542",
                    "317548251678652208427170510140557408463",
                    "213711761118263054424444488241995951077",
                    "52348841178508181368490739591642383914",
                    "211445904498793474635664116619951931681",
                    "264528936454905462379699175937642799344"
                ],
                "threshold": 0.9
            },
            "id": "CVE-2024-49369-281774a2",
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://github.com/icinga/icinga2/commit/8fed6608912c752b337d977f730547875a820831"
        },
        {
            "target": {
                "function": "UnbufferedAsioTlsStream::GetVerifyError",
                "file": "lib/base/tlsstream.cpp"
            },
            "signature_type": "Function",
            "digest": {
                "function_hash": "139649990975062432597846975414934027204",
                "length": 84.0
            },
            "id": "CVE-2024-49369-36197e5d",
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://github.com/icinga/icinga2/commit/8fed6608912c752b337d977f730547875a820831"
        },
        {
            "target": {
                "function": "UnbufferedAsioTlsStream::BeforeHandshake",
                "file": "lib/base/tlsstream.cpp"
            },
            "signature_type": "Function",
            "digest": {
                "function_hash": "177771530118708588209585575171945355527",
                "length": 897.0
            },
            "id": "CVE-2024-49369-3bc406c3",
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://github.com/icinga/icinga2/commit/8fed6608912c752b337d977f730547875a820831"
        },
        {
            "target": {
                "function": "UnbufferedAsioTlsStream::GetVerifyError",
                "file": "lib/base/tlsstream.cpp"
            },
            "signature_type": "Function",
            "digest": {
                "function_hash": "139649990975062432597846975414934027204",
                "length": 84.0
            },
            "id": "CVE-2024-49369-3d71cd3d",
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://github.com/icinga/icinga2/commit/0419a2c36de408e9a703aec0962061ec9a285d3c"
        },
        {
            "target": {
                "function": "UnbufferedAsioTlsStream::IsVerifyOK",
                "file": "lib/base/tlsstream.cpp"
            },
            "signature_type": "Function",
            "digest": {
                "function_hash": "241011405338555829308671732241592525382",
                "length": 77.0
            },
            "id": "CVE-2024-49369-4526f646",
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://github.com/icinga/icinga2/commit/0419a2c36de408e9a703aec0962061ec9a285d3c"
        },
        {
            "target": {
                "function": "UnbufferedAsioTlsStream::BeforeHandshake",
                "file": "lib/base/tlsstream.cpp"
            },
            "signature_type": "Function",
            "digest": {
                "function_hash": "177771530118708588209585575171945355527",
                "length": 897.0
            },
            "id": "CVE-2024-49369-56908838",
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://github.com/icinga/icinga2/commit/3504fc7ed688c10d86988e2029a65efc311393fe"
        },
        {
            "target": {
                "function": "UnbufferedAsioTlsStream::IsVerifyOK",
                "file": "lib/base/tlsstream.cpp"
            },
            "signature_type": "Function",
            "digest": {
                "function_hash": "241011405338555829308671732241592525382",
                "length": 77.0
            },
            "id": "CVE-2024-49369-5abc21c5",
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://github.com/icinga/icinga2/commit/869a7d6f0fe38c748e67bacc1fbdd42c933030f6"
        },
        {
            "target": {
                "file": "lib/base/tlsstream.cpp"
            },
            "signature_type": "Line",
            "digest": {
                "line_hashes": [
                    "279595544420860493825733674128942417962",
                    "24718734247597480691335375903066249456",
                    "89172401973734101650292888595731089400",
                    "149903972273766108388669566236840597674",
                    "67057621278556746671902870372363722150",
                    "153185862794558185755736396029713522541",
                    "85968439455258866222038609572423343754",
                    "139694276195249297533675998782341096309",
                    "338166328781303122435259843310226735720",
                    "233397638862856084711053370921457511263",
                    "301723187515516509542171470771452007410",
                    "191673743794103458358388566257465701011",
                    "202985005418529841930217952625599875120",
                    "242167146284163235571426736242269743971",
                    "84009811377386390834173240259683016151",
                    "196173602889104563018798752655826803515",
                    "228914361266340861840704453356978380587",
                    "12537444068894457229926020989449265977",
                    "212299768559660736030219222791774306316",
                    "152378592288222804787039109617757981830",
                    "190825040094703554374055408281413017291"
                ],
                "threshold": 0.9
            },
            "id": "CVE-2024-49369-8bf1d247",
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://github.com/icinga/icinga2/commit/8fed6608912c752b337d977f730547875a820831"
        },
        {
            "target": {
                "function": "UnbufferedAsioTlsStream::GetVerifyError",
                "file": "lib/base/tlsstream.cpp"
            },
            "signature_type": "Function",
            "digest": {
                "function_hash": "139649990975062432597846975414934027204",
                "length": 84.0
            },
            "id": "CVE-2024-49369-8c900f4e",
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://github.com/icinga/icinga2/commit/2febc5e18ae0c93d989e64ebc2a9fd90e7205ad8"
        },
        {
            "target": {
                "function": "UnbufferedAsioTlsStream::IsVerifyOK",
                "file": "lib/base/tlsstream.cpp"
            },
            "signature_type": "Function",
            "digest": {
                "function_hash": "241011405338555829308671732241592525382",
                "length": 77.0
            },
            "id": "CVE-2024-49369-8d4ee8f0",
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://github.com/icinga/icinga2/commit/3504fc7ed688c10d86988e2029a65efc311393fe"
        },
        {
            "target": {
                "file": "lib/base/tlsstream.hpp"
            },
            "signature_type": "Line",
            "digest": {
                "line_hashes": [
                    "179573090970288280703978404179223919554",
                    "315080401256501916500337093241609526869",
                    "246473645120483932116135828108416170532",
                    "83273584453133107311431066683123353737",
                    "124735037642982328530169178838440821394",
                    "290701547331227072088017258415387771596",
                    "227822597694406976352434620639782250186",
                    "226264902076968289407236433721833348542",
                    "317548251678652208427170510140557408463",
                    "213711761118263054424444488241995951077",
                    "52348841178508181368490739591642383914",
                    "211445904498793474635664116619951931681",
                    "264528936454905462379699175937642799344"
                ],
                "threshold": 0.9
            },
            "id": "CVE-2024-49369-913978d7",
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://github.com/icinga/icinga2/commit/0419a2c36de408e9a703aec0962061ec9a285d3c"
        },
        {
            "target": {
                "function": "UnbufferedAsioTlsStream::GetVerifyError",
                "file": "lib/base/tlsstream.cpp"
            },
            "signature_type": "Function",
            "digest": {
                "function_hash": "139649990975062432597846975414934027204",
                "length": 84.0
            },
            "id": "CVE-2024-49369-91ceb96d",
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://github.com/icinga/icinga2/commit/3504fc7ed688c10d86988e2029a65efc311393fe"
        },
        {
            "target": {
                "function": "UnbufferedAsioTlsStream::BeforeHandshake",
                "file": "lib/base/tlsstream.cpp"
            },
            "signature_type": "Function",
            "digest": {
                "function_hash": "177771530118708588209585575171945355527",
                "length": 897.0
            },
            "id": "CVE-2024-49369-9424ab8d",
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://github.com/icinga/icinga2/commit/869a7d6f0fe38c748e67bacc1fbdd42c933030f6"
        },
        {
            "target": {
                "file": "lib/base/tlsstream.cpp"
            },
            "signature_type": "Line",
            "digest": {
                "line_hashes": [
                    "279595544420860493825733674128942417962",
                    "24718734247597480691335375903066249456",
                    "89172401973734101650292888595731089400",
                    "149903972273766108388669566236840597674",
                    "67057621278556746671902870372363722150",
                    "153185862794558185755736396029713522541",
                    "85968439455258866222038609572423343754",
                    "139694276195249297533675998782341096309",
                    "338166328781303122435259843310226735720",
                    "233397638862856084711053370921457511263",
                    "301723187515516509542171470771452007410",
                    "191673743794103458358388566257465701011",
                    "202985005418529841930217952625599875120",
                    "242167146284163235571426736242269743971",
                    "84009811377386390834173240259683016151",
                    "196173602889104563018798752655826803515",
                    "228914361266340861840704453356978380587",
                    "12537444068894457229926020989449265977",
                    "212299768559660736030219222791774306316",
                    "152378592288222804787039109617757981830",
                    "190825040094703554374055408281413017291"
                ],
                "threshold": 0.9
            },
            "id": "CVE-2024-49369-9cb441b2",
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://github.com/icinga/icinga2/commit/869a7d6f0fe38c748e67bacc1fbdd42c933030f6"
        },
        {
            "target": {
                "file": "lib/base/tlsstream.hpp"
            },
            "signature_type": "Line",
            "digest": {
                "line_hashes": [
                    "179573090970288280703978404179223919554",
                    "315080401256501916500337093241609526869",
                    "246473645120483932116135828108416170532",
                    "83273584453133107311431066683123353737",
                    "124735037642982328530169178838440821394",
                    "290701547331227072088017258415387771596",
                    "227822597694406976352434620639782250186",
                    "226264902076968289407236433721833348542",
                    "317548251678652208427170510140557408463",
                    "213711761118263054424444488241995951077",
                    "52348841178508181368490739591642383914",
                    "211445904498793474635664116619951931681",
                    "264528936454905462379699175937642799344"
                ],
                "threshold": 0.9
            },
            "id": "CVE-2024-49369-aa851ea0",
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://github.com/icinga/icinga2/commit/2febc5e18ae0c93d989e64ebc2a9fd90e7205ad8"
        },
        {
            "target": {
                "function": "UnbufferedAsioTlsStream::IsVerifyOK",
                "file": "lib/base/tlsstream.cpp"
            },
            "signature_type": "Function",
            "digest": {
                "function_hash": "241011405338555829308671732241592525382",
                "length": 77.0
            },
            "id": "CVE-2024-49369-bc2233d0",
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://github.com/icinga/icinga2/commit/2febc5e18ae0c93d989e64ebc2a9fd90e7205ad8"
        },
        {
            "target": {
                "file": "lib/base/tlsstream.hpp"
            },
            "signature_type": "Line",
            "digest": {
                "line_hashes": [
                    "179573090970288280703978404179223919554",
                    "315080401256501916500337093241609526869",
                    "246473645120483932116135828108416170532",
                    "83273584453133107311431066683123353737",
                    "124735037642982328530169178838440821394",
                    "290701547331227072088017258415387771596",
                    "227822597694406976352434620639782250186",
                    "226264902076968289407236433721833348542",
                    "317548251678652208427170510140557408463",
                    "213711761118263054424444488241995951077",
                    "52348841178508181368490739591642383914",
                    "211445904498793474635664116619951931681",
                    "264528936454905462379699175937642799344"
                ],
                "threshold": 0.9
            },
            "id": "CVE-2024-49369-c08161ce",
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://github.com/icinga/icinga2/commit/3504fc7ed688c10d86988e2029a65efc311393fe"
        },
        {
            "target": {
                "function": "UnbufferedAsioTlsStream::BeforeHandshake",
                "file": "lib/base/tlsstream.cpp"
            },
            "signature_type": "Function",
            "digest": {
                "function_hash": "177771530118708588209585575171945355527",
                "length": 897.0
            },
            "id": "CVE-2024-49369-d16fff70",
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://github.com/icinga/icinga2/commit/2febc5e18ae0c93d989e64ebc2a9fd90e7205ad8"
        },
        {
            "target": {
                "file": "lib/base/tlsstream.cpp"
            },
            "signature_type": "Line",
            "digest": {
                "line_hashes": [
                    "279595544420860493825733674128942417962",
                    "24718734247597480691335375903066249456",
                    "89172401973734101650292888595731089400",
                    "149903972273766108388669566236840597674",
                    "67057621278556746671902870372363722150",
                    "153185862794558185755736396029713522541",
                    "85968439455258866222038609572423343754",
                    "139694276195249297533675998782341096309",
                    "338166328781303122435259843310226735720",
                    "233397638862856084711053370921457511263",
                    "301723187515516509542171470771452007410",
                    "191673743794103458358388566257465701011",
                    "202985005418529841930217952625599875120",
                    "242167146284163235571426736242269743971",
                    "84009811377386390834173240259683016151",
                    "196173602889104563018798752655826803515",
                    "228914361266340861840704453356978380587",
                    "12537444068894457229926020989449265977",
                    "212299768559660736030219222791774306316",
                    "152378592288222804787039109617757981830",
                    "190825040094703554374055408281413017291"
                ],
                "threshold": 0.9
            },
            "id": "CVE-2024-49369-dbdf414e",
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://github.com/icinga/icinga2/commit/2febc5e18ae0c93d989e64ebc2a9fd90e7205ad8"
        },
        {
            "target": {
                "function": "UnbufferedAsioTlsStream::GetVerifyError",
                "file": "lib/base/tlsstream.cpp"
            },
            "signature_type": "Function",
            "digest": {
                "function_hash": "139649990975062432597846975414934027204",
                "length": 84.0
            },
            "id": "CVE-2024-49369-e41b6375",
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://github.com/icinga/icinga2/commit/869a7d6f0fe38c748e67bacc1fbdd42c933030f6"
        },
        {
            "target": {
                "function": "UnbufferedAsioTlsStream::BeforeHandshake",
                "file": "lib/base/tlsstream.cpp"
            },
            "signature_type": "Function",
            "digest": {
                "function_hash": "177771530118708588209585575171945355527",
                "length": 897.0
            },
            "id": "CVE-2024-49369-f7f128ee",
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://github.com/icinga/icinga2/commit/0419a2c36de408e9a703aec0962061ec9a285d3c"
        },
        {
            "target": {
                "file": "lib/base/tlsstream.hpp"
            },
            "signature_type": "Line",
            "digest": {
                "line_hashes": [
                    "179573090970288280703978404179223919554",
                    "315080401256501916500337093241609526869",
                    "246473645120483932116135828108416170532",
                    "83273584453133107311431066683123353737",
                    "124735037642982328530169178838440821394",
                    "290701547331227072088017258415387771596",
                    "227822597694406976352434620639782250186",
                    "226264902076968289407236433721833348542",
                    "317548251678652208427170510140557408463",
                    "213711761118263054424444488241995951077",
                    "52348841178508181368490739591642383914",
                    "211445904498793474635664116619951931681",
                    "264528936454905462379699175937642799344"
                ],
                "threshold": 0.9
            },
            "id": "CVE-2024-49369-fd4c7949",
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://github.com/icinga/icinga2/commit/869a7d6f0fe38c748e67bacc1fbdd42c933030f6"
        }
    ]
}