openSUSE-SU-2022:0087-1

See a problem?

Import Source

https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2022:0087-1.json

JSON Data

https://api.test.osv.dev/v1/vulns/openSUSE-SU-2022:0087-1

Related

Published

2022-03-21T11:10:01Z

Modified

2022-03-21T11:10:01Z

Summary

Security update for icingaweb2

Details

This update for icingaweb2 fixes the following issues:

icingaweb2 was updated to 2.8.6

This is a security release.

Security Fixes
CVE-2022-24715: SSH resources allow arbitrary code execution for authenticated users (GHSA-v9mv-h52f-7g63 boo#1196911)
CVE-2022-24714: Unwanted disclosure of hosts and related data, linked to decommissioned services (GHSA-qcmg-vr56-x9wf boo#1196913)

References

Affected packages

SUSE:Package Hub 12 / icingaweb2

Package

Name: icingaweb2
Purl: pkg:rpm/suse/icingaweb2&distro=SUSE%20Package%20Hub%2012

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.8.6-15.1

Ecosystem specific

{
    "binaries": [
        {
            "icingaweb2-common": "2.8.6-15.1",
            "icingaweb2-vendor-HTMLPurifier": "2.8.6-15.1",
            "php-Icinga": "2.8.6-15.1",
            "icingacli": "2.8.6-15.1",
            "icingaweb2-vendor-JShrink": "2.8.6-15.1",
            "icingaweb2-vendor-lessphp": "2.8.6-15.1",
            "icingaweb2-vendor-Parsedown": "2.8.6-15.1",
            "icingaweb2": "2.8.6-15.1",
            "icingaweb2-vendor-dompdf": "2.8.6-15.1",
            "icingaweb2-vendor-zf1": "2.8.6-15.1"
        }
    ]
}