An update for Icinga Web 2 is now available for NetEye 4.12 and 4.13.
NetEye Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Icinga Web 2 is an open-source front-end/framework developed by Icinga and is the primary frontend framework used in the NetEye 4 Product.
A Directory Traversal issue was discovered in Icinga Web 2 which could be exploited by attackers to read any local application files in the context of the running webserver.
Security Fix(es) for NetEye 4.13:
icingacli-2.7.3_neteye1.73.2-1.el7.noarch.rpm
icingaweb2-2.7.3_neteye1.73.2-1.el7.noarch.rpm : Path Traversal vulnerability in imgAction function (CVE-2020-24368)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to the NetEye Update Section inside the User Guide.
After installing the updated packages, the httpd daemon will be restarted automatically.
Affected Products
All NetEye 4.x versions prior to and including 4.13.
Fixes
ICW-315 – (CVE-2020-24368) icingaweb2: Path Traversal vulnerability in file parameter
Hi folks!
I began loving computer since 1994, it was still the time of windows 3.1. Immediately I learned starting DOS games from the command promt, and while typing some white text on black background I felt like some hackish dude in a hollywoodian movie.
Later during the studies at the university, I discovered the magic world of opensource, and it was love at first sight. Finally I got rid of BSOD's =)
I love everything that is connected to some network, especially in a security perspective.
My motto is:
"With motivation, nothing is impossibile. It only requires more time."
Author
Thomas Forrer
Hi folks!
I began loving computer since 1994, it was still the time of windows 3.1. Immediately I learned starting DOS games from the command promt, and while typing some white text on black background I felt like some hackish dude in a hollywoodian movie.
Later during the studies at the university, I discovered the magic world of opensource, and it was love at first sight. Finally I got rid of BSOD's =)
I love everything that is connected to some network, especially in a security perspective.
My motto is:
"With motivation, nothing is impossibile. It only requires more time."
Synopsis High impact: Grafana security update Type/Severity Security Advisory: High impact Topic An update for grafana is now available for NetEye 4.22. NetEye Product Security has rated this update as having a security impact of High. Common Vulnerability Scoring System Read More
Synopsis Important: Elasticsearch and Logstash security mitigation Type/Severity Security Advisory: Important Topic A mitigation for Logstash and Elasticsearch is now available for NetEye 3. NetEye Product Security has rated this mitigation as having a security impact of Important. A Common Read More
Synopsis Important: Elasticsearch and Logstash security updates Type/Severity Security Advisory: Important Topic An update for Logstash and Elasticsearch is now available for NetEye 4.20 and 4.21. NetEye Product Security has rated this update as having a security impact of Important. Read More
Synopsis Important impact: httpd security update Type/Severity Security Advisory: Important impact Topic An update for httpd is now available for NetEye 4.17. NetEye Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Read More
Synopsis Critical: NeDi security update Type/Severity Security Advisory: Critical Topic An update for NeDi is now available for NetEye. NetEye Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base Read More