Description

Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. The TLS certificate validation in all Icinga 2 versions starting from 2.4.0 was flawed, allowing an attacker to impersonate both trusted cluster nodes as well as any API users that use TLS client certificates for authentication (ApiUser objects with the client_cn attribute set). This vulnerability has been fixed in v2.14.3, v2.13.10, v2.12.11, and v2.11.12.

INFO

Published Date :

2024-11-12T16:44:01.713Z

Last Modified :

2025-11-03T22:22:15.314Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-49369 vulnerability.

Vendors Products
Debian
  • Debian Linux
Icinga
  • Icinga
  • Icinga Web 2
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-49369.

URL Resource
https://github.com/Icinga/icinga2/commit/0419a2c36de408e9a703aec0962061ec9a285d3c cve-icon cve-icon
https://github.com/Icinga/icinga2/commit/2febc5e18ae0c93d989e64ebc2a9fd90e7205ad8 cve-icon cve-icon
https://github.com/Icinga/icinga2/commit/3504fc7ed688c10d86988e2029a65efc311393fe cve-icon cve-icon
https://github.com/Icinga/icinga2/commit/869a7d6f0fe38c748e67bacc1fbdd42c933030f6 cve-icon cve-icon
https://github.com/Icinga/icinga2/commit/8fed6608912c752b337d977f730547875a820831 cve-icon cve-icon
https://github.com/Icinga/icinga2/security/advisories/GHSA-j7wq-r9mg-9wpv cve-icon cve-icon
https://icinga.com/blog/2024/11/12/critical-icinga-2-security-releases-2-14-3 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2024/11/msg00010.html cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact