Icinga2 Security Update Advisory (CVE-2024-49369)

Nov 19 2024

Overview

An update has been released to address vulnerabilities in Icinga2. Users of the affected versions are advised to update to the latest version.

Affected Products

CVE-2024-49369

Icinga 2 versions: 2.4.0 (inclusive) ~ 2.14.3 (excluded)
Icinga 2 versions: 2.4.0 (inclusive) ~ 2.13.10 (excluded)
Icinga 2 versions: 2.4.0 (inclusive) ~ 2.12.11 (excluded)
Icinga 2 versions: 2.4.0 (inclusive) ~ 2.11.12 (excluded)

Resolved Vulnerabilities

Certificate validation vulnerability in Icinga 2 that could allow an attacker to masquerade as a trusted cluster node or API user with a TLS client certificate (CVE-2024-49369)

Vulnerability Patches

Vulnerability patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2024-49369

Icinga 2 version: 2.14.3
Icinga 2 version: 2.13.10
Icinga 2 version: 2.12.11
Icinga 2 version: 2.11.12

Referenced Sites

[1] CVE-2024-49369 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-49369

[2] TLS Certificate Validation Bypass for JSON-RPC and HTTP API Connections

https://github.com/Icinga/icinga2/security/advisories/GHSA-j7wq-r9mg-9wpv

Icinga2 Security Update Advisory (CVE-2024-49369)

IBM Product Security Update Advisory (CVE-2024-39726)

WordPress Plugin Security Update Advisory (CVE-2024-10924, CVE-2024-8856)

Tags:

IBM Product Security Update Advisory (CVE-2024-39726)

WordPress Plugin Security Update Advisory (CVE-2024-10924, CVE-2024-8856)