"Icinga Icinga Web2 2.0.0 through 2.6.4, 2.7.4 and 2.8.2 has a Directory Traversal vulnerability which allows an attacker to access arbitrary files that are readable by the process running Icinga Web 2. This issue is fixed in Icinga Web 2 in v2.6.4, v2.7.4 and v2.8.2."
Please bump to 2.7.4 & 2.8.2.
Please remember to use bug commit tags so security sees the bump happens! This has been done for some time now.
GLSA request filed
The bug has been referenced in the following commit(s):
Author: GLSAMaker <email@example.com>
AuthorDate: 2022-08-04 13:54:03 +0000
Commit: John Helmert III <firstname.lastname@example.org>
CommitDate: 2022-08-04 14:00:22 +0000
[ GLSA 202208-05 ] Icinga Web 2: Multiple Vulnerabilities
Signed-off-by: GLSAMaker <email@example.com>
Signed-off-by: John Helmert III <firstname.lastname@example.org>
glsa-202208-05.xml | 46 ++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 46 insertions(+)
GLSA released, all done!