UBUNTU-CVE-2024-41811
- Source
- https://ubuntu.com/security/CVE-2024-41811
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-41811.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2024-41811
- Upstream
- Published
- 2024-08-05T21:15:00Z
- Modified
- 2025-07-16T08:30:30.436869Z
- Severity
-
- 3.9 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
ipl/web is a set of common web components for php projects. Some of the recent development by Icinga is, under certain circumstances, susceptible to cross site request forgery. (CSRF). All affected products, in any version, will be unaffected by this once
icinga-php-libraryis upgraded. Version 0.10.1 includes a fix for this. It will be published as part of theicinga-php-libraryv0.14.1 release. - References
-
- https://ubuntu.com/security/CVE-2024-41811
- https://www.cve.org/CVERecord?id=CVE-2024-41811
- https://github.com/Icinga/ipl-web/security/advisories/GHSA-w9pg-7c3h-fc8j
- https://github.com/Icinga/ipl-web/commit/492336fdb57a5bb0881ed642ab36f5841337571e
- https://github.com/Icinga/icinga-php-library/commit/20c73075a9e9824d089bbd2e433bb2f613fd5801
Affected packages
Ubuntu:22.04:LTS / icinga-php-library
Package
- Name
- icinga-php-library
- Purl
- pkg:deb/ubuntu/icinga-php-library@0.7.0-1?arch=source&distro=jammy