📦 Icinga

A certificate validation vulnerability in Icinga 2 allows attackers to obtain valid certificates by tricking the system into treating malicious certificate requests as renewals. This enables impersona...

CVE-2024-49369 is a critical TLS certificate validation flaw in Icinga 2 that allows attackers to impersonate trusted cluster nodes and API users using TLS client certificates. This enables unauthoriz...

This vulnerability in Icinga 2 allows revoked certificates to be automatically renewed despite being on a Certificate Revocation List (CRL), bypassing certificate revocation checks. This affects Icing...

CVE-2024-24820 is a Cross-Site Request Forgery (CSRF) vulnerability in Icinga Director that allows attackers to perform unauthorized configuration changes in monitoring environments. All Icinga Direct...

Icinga 2 monitoring system exposes sensitive credentials (database, Redis, Elasticsearch passwords) through its API to authenticated users with read permissions. This allows attackers who obtain API a...

The Icinga 2 MSI installer on Windows sets overly permissive folder permissions, allowing all local users to read sensitive files including private keys and configuration data. This affects all Window...

This vulnerability allows the Icinga daemon user to send signals to arbitrary processes by exploiting a race condition in the safe-reload script and logrotate configuration. The issue occurs because t...

This vulnerability allows authenticated API users in Icinga 2 to bypass permission restrictions and access sensitive information they shouldn't have access to. Attackers can exploit filter expressions...

This vulnerability in Icinga 2 allows any authenticated API user to crash the monitoring daemon by creating invalid references (like null references) in filter expressions. It affects Icinga 2 version...