UBUNTU-CVE-2021-37698

Source
https://ubuntu.com/security/CVE-2021-37698
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2021/UBUNTU-CVE-2021-37698.json
JSON Data
https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2021-37698
Related
Published
2021-08-19T16:15:00Z
Modified
2024-10-15T14:08:19Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. In versions 2.5.0 through 2.13.0, ElasticsearchWriter, GelfWriter, InfluxdbWriter and Influxdb2Writer do not verify the server's certificate despite a certificate authority being specified. Icinga 2 instances which connect to any of the mentioned time series databases (TSDBs) using TLS over a spoofable infrastructure should immediately upgrade to version 2.13.1, 2.12.6, or 2.11.11 to patch the issue. Such instances should also change the credentials (if any) used by the TSDB writer feature to authenticate against the TSDB. There are no workarounds aside from upgrading.

References

Affected packages

Ubuntu:Pro:16.04:LTS / icinga2

Package

Name
icinga2
Purl
pkg:deb/ubuntu/icinga2?arch=src?distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.3.8-1build1
2.3.11-1
2.4.0-1
2.4.1-1
2.4.1-2
2.4.1-2ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / icinga2

Package

Name
icinga2
Purl
pkg:deb/ubuntu/icinga2?arch=src?distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.7.0-1
2.8.1-0ubuntu2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / icinga2

Package

Name
icinga2
Purl
pkg:deb/ubuntu/icinga2?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.10.5-1build1
2.11.2-1
2.11.2-1ubuntu1
2.11.2-1ubuntu2
2.11.2-1ubuntu3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / icinga2

Package

Name
icinga2
Purl
pkg:deb/ubuntu/icinga2?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.12.3-1
2.13.1-1
2.13.2-1
2.13.2-1build1
2.13.2-1build2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}