Description: "Icinga Icinga Web2 2.0.0 through 2.6.4, 2.7.4 and 2.8.2 has a Directory Traversal vulnerability which allows an attacker to access arbitrary files that are readable by the process running Icinga Web 2. This issue is fixed in Icinga Web 2 in v2.6.4, v2.7.4 and v2.8.2."
Please bump to 2.7.4 & 2.8.2.
Please remember to use bug commit tags so security sees the bump happens! This has been done for some time now.
GLSA request filed
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=911ba97fd465c36414fa2eb8a1fea31d4152990a commit 911ba97fd465c36414fa2eb8a1fea31d4152990a Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2022-08-04 13:54:03 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-08-04 14:00:22 +0000 [ GLSA 202208-05 ] Icinga Web 2: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/738024 Bug: https://bugs.gentoo.org/834802 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: John Helmert III <ajak@gentoo.org> glsa-202208-05.xml | 46 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+)
GLSA released, all done!