CVE-2025-53840

Low CVSS: 2.4

Icinga DB Web provides a graphical interface for Icinga monitoring. Starting in version 1.2.0 and prior to version 1.2.2, users with access to Icinga Dependency Views, are allowed to see hosts and services that they weren't meant to on the dependency map. However, the name of an object will not be revealed nor does this grant access to a host's or service's detail view. Please note that this only affects the restrictions `filter/hosts` and `filter/services`. `filter/objects` is not affected by this and restricts objects as it is supposed to. Version 1.2.2 applies these restrictions properly. As a workaround, one may downgrade to version 1.1.3.

Vendor

Icinga

Product

Icinga Db Web

CWE

CWE-200

Yayın Tarihi

2025-07-16 14:15:28

Güncelleme

2025-12-11 18:26:44

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-200 Icinga Db Web LOW Icinga 2025

Referanslar

https://github.com/Icinga/icingadb-web/releases/tag/v1.2.2 https://github.com/Icinga/icingadb-web/security/advisories/GHSA-q2w7-mrx8-5473

Benzer Kayıtlar

Medium

CVE-2026-24413

Icinga 2 is an open source monitoring system. Starting in version 2.3.0 and prior to versions 2.13.14, 2.14.8, and 2.15.…

Medium

CVE-2026-24414

The Icinga PowerShell Framework provides configuration and check possibilities to ensure integration and monitoring of W…

Medium

CVE-2025-61909

Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, the safe-reload script…

High

CVE-2025-61907

Icinga 2 is an open source monitoring system. In Icinga 2 versions 2.4 through 2.15.0, filter expressions provided to th…

High

CVE-2025-61908

Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, when creating an invali…

Medium

CVE-2025-61789

Icinga DB Web provides a graphical interface for Icinga monitoring. Before 1.1.4 and 1.2.3, an authorized user with acce…