UBUNTU-CVE-2021-32746

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/CVE-2021-32746
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2021/UBUNTU-CVE-2021-32746.json
JSON Data
https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2021-32746
Upstream
Published
2021-07-12T23:15:00Z
Modified
2025-10-24T04:50:20Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
  • Ubuntu - low
Summary
[none]
Details

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Between versions 2.3.0 and 2.8.2, the doc module of Icinga Web 2 allows to view documentation directly in the UI. It must be enabled manually by an administrator and users need explicit access permission to use it. Then, by visiting a certain route, it is possible to gain access to arbitrary files readable by the web-server user. The issue has been fixed in the 2.9.0, 2.8.3, and 2.7.5 releases. As a workaround, an administrator may disable the doc module or revoke permission to use it from all users.

References

Affected packages

Ubuntu:16.04:LTS

icingaweb2

Package

Name
icingaweb2
Purl
pkg:deb/ubuntu/icingaweb2@2.1.0-1ubuntu1.2?arch=source&distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.1.0-1ubuntu1
2.1.0-1ubuntu1.1
2.1.0-1ubuntu1.2

Ecosystem specific 

{
    "binaries": [
        {
            "binary_version": "2.1.0-1ubuntu1.2",
            "binary_name": "icingaweb2"
        },
        {
            "binary_version": "2.1.0-1ubuntu1.2",
            "binary_name": "icingaweb2-module-monitoring"
        },
        {
            "binary_version": "2.1.0-1ubuntu1.2",
            "binary_name": "php-icinga"
        }
    ]
}

Ubuntu:18.04:LTS

icingaweb2

Package

Name
icingaweb2
Purl
pkg:deb/ubuntu/icingaweb2@2.4.1-1ubuntu0.1?arch=source&distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.4.1-1
2.4.1-1ubuntu0.1

Ecosystem specific 

{
    "binaries": [
        {
            "binary_version": "2.4.1-1ubuntu0.1",
            "binary_name": "icingacli"
        },
        {
            "binary_version": "2.4.1-1ubuntu0.1",
            "binary_name": "icingaweb2"
        },
        {
            "binary_version": "2.4.1-1ubuntu0.1",
            "binary_name": "icingaweb2-common"
        },
        {
            "binary_version": "2.4.1-1ubuntu0.1",
            "binary_name": "icingaweb2-module-monitoring"
        },
        {
            "binary_version": "2.4.1-1ubuntu0.1",
            "binary_name": "php-icinga"
        }
    ]
}

Ubuntu:20.04:LTS

icingaweb2

Package

Name
icingaweb2
Purl
pkg:deb/ubuntu/icingaweb2@2.7.3-1?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.7.1-1
2.7.3-1

Ecosystem specific 

{
    "binaries": [
        {
            "binary_version": "2.7.3-1",
            "binary_name": "icingacli"
        },
        {
            "binary_version": "2.7.3-1",
            "binary_name": "icingaweb2"
        },
        {
            "binary_version": "2.7.3-1",
            "binary_name": "icingaweb2-common"
        },
        {
            "binary_version": "2.7.3-1",
            "binary_name": "icingaweb2-module-monitoring"
        },
        {
            "binary_version": "2.7.3-1",
            "binary_name": "php-icinga"
        }
    ]
}

Ubuntu:22.04:LTS

icingaweb2

Package

Name
icingaweb2
Purl
pkg:deb/ubuntu/icingaweb2@2.9.5-1?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.8.2-2
2.9.3-1
2.9.4-1
2.9.5-1

Ecosystem specific 

{
    "binaries": [
        {
            "binary_version": "2.9.5-1",
            "binary_name": "icingacli"
        },
        {
            "binary_version": "2.9.5-1",
            "binary_name": "icingaweb2"
        },
        {
            "binary_version": "2.9.5-1",
            "binary_name": "icingaweb2-common"
        },
        {
            "binary_version": "2.9.5-1",
            "binary_name": "icingaweb2-module-monitoring"
        },
        {
            "binary_version": "2.9.5-1",
            "binary_name": "php-icinga"
        }
    ]
}

Ubuntu:24.04:LTS

icingaweb2

Package

Name
icingaweb2
Purl
pkg:deb/ubuntu/icingaweb2@2.12.1-1?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.11.4-3
2.12.0-1
2.12.1-1

Ecosystem specific 

{
    "binaries": [
        {
            "binary_version": "2.12.1-1",
            "binary_name": "icingacli"
        },
        {
            "binary_version": "2.12.1-1",
            "binary_name": "icingaweb2"
        },
        {
            "binary_version": "2.12.1-1",
            "binary_name": "icingaweb2-common"
        },
        {
            "binary_version": "2.12.1-1",
            "binary_name": "icingaweb2-module-monitoring"
        },
        {
            "binary_version": "2.12.1-1",
            "binary_name": "php-icinga"
        }
    ]
}

Ubuntu:25.04

icingaweb2

Package

Name
icingaweb2
Purl
pkg:deb/ubuntu/icingaweb2@2.12.2-1?arch=source&distro=plucky

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.12.1-1
2.12.2-1

Ecosystem specific 

{
    "binaries": [
        {
            "binary_version": "2.12.2-1",
            "binary_name": "icingacli"
        },
        {
            "binary_version": "2.12.2-1",
            "binary_name": "icingaweb2"
        },
        {
            "binary_version": "2.12.2-1",
            "binary_name": "icingaweb2-common"
        },
        {
            "binary_version": "2.12.2-1",
            "binary_name": "icingaweb2-module-monitoring"
        },
        {
            "binary_version": "2.12.2-1",
            "binary_name": "php-icinga"
        }
    ]
}

Ubuntu:25.10

icingaweb2

Package

Name
icingaweb2
Purl
pkg:deb/ubuntu/icingaweb2@2.12.4-2?arch=source&distro=questing

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.12.2-1
2.12.4-1
2.12.4-2

Ecosystem specific 

{
    "binaries": [
        {
            "binary_version": "2.12.4-2",
            "binary_name": "icingacli"
        },
        {
            "binary_version": "2.12.4-2",
            "binary_name": "icingaweb2"
        },
        {
            "binary_version": "2.12.4-2",
            "binary_name": "icingaweb2-common"
        },
        {
            "binary_version": "2.12.4-2",
            "binary_name": "icingaweb2-module-monitoring"
        },
        {
            "binary_version": "2.12.4-2",
            "binary_name": "php-icinga"
        }
    ]
}