发布于3月6日3月6日 Members FreeBSD: VID-0A82BC4D-A129-11EF-8351-589CFC0F81B0 (CVE-2024-49369): icinga2 -- TLS Certificate Validation Bypass Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/12/2024 Created 11/15/2024 Added 11/14/2024 Modified 11/14/2024 Description Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. The TLS certificate validation in all Icinga 2 versions starting from 2.4.0 was flawed, allowing an attacker to impersonate both trusted cluster nodes as well as any API users that use TLS client certificates for authentication (ApiUser objects with the client_cn attribute set). This vulnerability has been fixed in v2.14.3, v2.13.10, v2.12.11, and v2.11.12. Solution(s) freebsd-upgrade-package-icinga2 References CVE-2024-49369
参与讨论
你可立刻发布并稍后注册。 如果你有帐户,立刻登录发布帖子。