Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2021-32743
Vulnerability from cvelistv5
Published
2021-07-15 16:05
Modified
2024-08-03 23:33
Severity ?
EPSS score ?
Summary
Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. In versions prior to 2.11.10 and from version 2.12.0 through version 2.12.4, some of the Icinga 2 features that require credentials for external services expose those credentials through the API to authenticated API users with read permissions for the corresponding object types. IdoMysqlConnection and IdoPgsqlConnection (every released version) exposes the password of the user used to connect to the database. IcingaDB (added in 2.12.0) exposes the password used to connect to the Redis server. ElasticsearchWriter (added in 2.8.0)exposes the password used to connect to the Elasticsearch server. An attacker who obtains these credentials can impersonate Icinga to these services and add, modify and delete information there. If credentials with more permissions are in use, this increases the impact accordingly. Starting with the 2.11.10 and 2.12.5 releases, these passwords are no longer exposed via the API. As a workaround, API user permissions can be restricted to not allow querying of any affected objects, either by explicitly listing only the required object types for object query permissions, or by applying a filter rule.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7 | Exploit, Third Party Advisory | |
| security-advisories@github.com | https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/ | Exploit, Vendor Advisory | |
| security-advisories@github.com | https://lists.debian.org/debian-lts-announce/2021/11/msg00010.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/ | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2021/11/msg00010.html | Mailing List, Third Party Advisory |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T23:33:54.856Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/", }, { name: "[debian-lts-announce] 20211110 [SECURITY] [DLA 2816-1] icinga2 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/11/msg00010.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "icinga2", vendor: "Icinga", versions: [ { status: "affected", version: "< 2.11.10", }, { status: "affected", version: ">= 2.12.0, <= 2.12.4", }, ], }, ], descriptions: [ { lang: "en", value: "Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. In versions prior to 2.11.10 and from version 2.12.0 through version 2.12.4, some of the Icinga 2 features that require credentials for external services expose those credentials through the API to authenticated API users with read permissions for the corresponding object types. IdoMysqlConnection and IdoPgsqlConnection (every released version) exposes the password of the user used to connect to the database. IcingaDB (added in 2.12.0) exposes the password used to connect to the Redis server. ElasticsearchWriter (added in 2.8.0)exposes the password used to connect to the Elasticsearch server. An attacker who obtains these credentials can impersonate Icinga to these services and add, modify and delete information there. If credentials with more permissions are in use, this increases the impact accordingly. Starting with the 2.11.10 and 2.12.5 releases, these passwords are no longer exposed via the API. As a workaround, API user permissions can be restricted to not allow querying of any affected objects, either by explicitly listing only the required object types for object query permissions, or by applying a filter rule.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-202", description: "CWE-202: Exposure of Sensitive Information Through Data Queries", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-11-10T23:06:14", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7", }, { tags: [ "x_refsource_MISC", ], url: "https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/", }, { name: "[debian-lts-announce] 20211110 [SECURITY] [DLA 2816-1] icinga2 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2021/11/msg00010.html", }, ], source: { advisory: "GHSA-wrpw-pmr8-qgj7", discovery: "UNKNOWN", }, title: "Passwords used to access external services inadvertently exposed through API", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security-advisories@github.com", ID: "CVE-2021-32743", STATE: "PUBLIC", TITLE: "Passwords used to access external services inadvertently exposed through API", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "icinga2", version: { version_data: [ { version_value: "< 2.11.10", }, { version_value: ">= 2.12.0, <= 2.12.4", }, ], }, }, ], }, vendor_name: "Icinga", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. In versions prior to 2.11.10 and from version 2.12.0 through version 2.12.4, some of the Icinga 2 features that require credentials for external services expose those credentials through the API to authenticated API users with read permissions for the corresponding object types. IdoMysqlConnection and IdoPgsqlConnection (every released version) exposes the password of the user used to connect to the database. IcingaDB (added in 2.12.0) exposes the password used to connect to the Redis server. ElasticsearchWriter (added in 2.8.0)exposes the password used to connect to the Elasticsearch server. An attacker who obtains these credentials can impersonate Icinga to these services and add, modify and delete information there. If credentials with more permissions are in use, this increases the impact accordingly. Starting with the 2.11.10 and 2.12.5 releases, these passwords are no longer exposed via the API. As a workaround, API user permissions can be restricted to not allow querying of any affected objects, either by explicitly listing only the required object types for object query permissions, or by applying a filter rule.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-202: Exposure of Sensitive Information Through Data Queries", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7", refsource: "CONFIRM", url: "https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7", }, { name: "https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/", refsource: "MISC", url: "https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/", }, { name: "[debian-lts-announce] 20211110 [SECURITY] [DLA 2816-1] icinga2 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2021/11/msg00010.html", }, ], }, source: { advisory: "GHSA-wrpw-pmr8-qgj7", discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2021-32743", datePublished: "2021-07-15T16:05:12", dateReserved: "2021-05-12T00:00:00", dateUpdated: "2024-08-03T23:33:54.856Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { fkie_nvd: { configurations: "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:icinga:icinga:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.0.0\", \"versionEndExcluding\": \"2.11.10\", \"matchCriteriaId\": \"ED80D98A-D84D-453B-8324-92AC03F5AE14\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:icinga:icinga:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.12.0\", \"versionEndExcluding\": \"2.12.5\", \"matchCriteriaId\": \"0FC541DF-0A24-4C5F-90EF-A7D40EFFDB5D\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}]", descriptions: "[{\"lang\": \"en\", \"value\": \"Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. In versions prior to 2.11.10 and from version 2.12.0 through version 2.12.4, some of the Icinga 2 features that require credentials for external services expose those credentials through the API to authenticated API users with read permissions for the corresponding object types. IdoMysqlConnection and IdoPgsqlConnection (every released version) exposes the password of the user used to connect to the database. IcingaDB (added in 2.12.0) exposes the password used to connect to the Redis server. ElasticsearchWriter (added in 2.8.0)exposes the password used to connect to the Elasticsearch server. An attacker who obtains these credentials can impersonate Icinga to these services and add, modify and delete information there. If credentials with more permissions are in use, this increases the impact accordingly. Starting with the 2.11.10 and 2.12.5 releases, these passwords are no longer exposed via the API. As a workaround, API user permissions can be restricted to not allow querying of any affected objects, either by explicitly listing only the required object types for object query permissions, or by applying a filter rule.\"}, {\"lang\": \"es\", \"value\": \"Icinga es un sistema de monitorizaci\\u00f3n que comprueba la disponibilidad de los recursos de la red, notifica a los usuarios de las interrupciones y genera datos de rendimiento para informes. En las versiones anteriores a 2.11.10 y desde versi\\u00f3n 2.12.0 hasta versi\\u00f3n 2.12.4, algunas de las funcionalidades de Icinga 2 que requieren credenciales para servicios externos exponen dichas credenciales mediante la API a los usuarios autenticados de la API con permisos de lectura para los tipos de objetos correspondientes. IdoMysqlConnection y IdoPgsqlConnection (cada versi\\u00f3n liberada) expone la contrase\\u00f1a del usuario usado para conectarse a la base de datos. IcingaDB (a\\u00f1adido en versi\\u00f3n 2.12.0) expone la contrase\\u00f1a usada para conectarse al servidor Redis. ElasticsearchWriter (a\\u00f1adido en versi\\u00f3n 2.8.0) expone la contrase\\u00f1a usada para conectarse al servidor Elasticsearch. Un atacante que obtenga estas credenciales puede hacerse pasar por Icinga a estos servicios y a\\u00f1adir, modificar y eliminar informaci\\u00f3n all\\u00ed. Si las credenciales con m\\u00e1s permisos est\\u00e1n en uso, el impacto aumenta acorde. A partir de las versiones 2.11.10 y 2.12.5, estas contrase\\u00f1as ya no est\\u00e1n expuestas por medio de la API. Como soluci\\u00f3n, los permisos de usuario de la API pueden restringirse para no permitir la consulta de los objetos afectados, ya sea enumerando expl\\u00edcitamente s\\u00f3lo los tipos de objetos requeridos para los permisos de consulta de objetos o aplicando una regla de filtro\"}]", id: "CVE-2021-32743", lastModified: "2024-11-21T06:07:39.243", metrics: "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:P/A:P\", \"baseScore\": 6.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}", published: "2021-07-15T16:15:09.620", references: "[{\"url\": \"https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Exploit\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2021/11/msg00010.html\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2021/11/msg00010.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}]", sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: "[{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-202\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]", }, nvd: "{\"cve\":{\"id\":\"CVE-2021-32743\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2021-07-15T16:15:09.620\",\"lastModified\":\"2024-11-21T06:07:39.243\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. In versions prior to 2.11.10 and from version 2.12.0 through version 2.12.4, some of the Icinga 2 features that require credentials for external services expose those credentials through the API to authenticated API users with read permissions for the corresponding object types. IdoMysqlConnection and IdoPgsqlConnection (every released version) exposes the password of the user used to connect to the database. IcingaDB (added in 2.12.0) exposes the password used to connect to the Redis server. ElasticsearchWriter (added in 2.8.0)exposes the password used to connect to the Elasticsearch server. An attacker who obtains these credentials can impersonate Icinga to these services and add, modify and delete information there. If credentials with more permissions are in use, this increases the impact accordingly. Starting with the 2.11.10 and 2.12.5 releases, these passwords are no longer exposed via the API. As a workaround, API user permissions can be restricted to not allow querying of any affected objects, either by explicitly listing only the required object types for object query permissions, or by applying a filter rule.\"},{\"lang\":\"es\",\"value\":\"Icinga es un sistema de monitorización que comprueba la disponibilidad de los recursos de la red, notifica a los usuarios de las interrupciones y genera datos de rendimiento para informes. En las versiones anteriores a 2.11.10 y desde versión 2.12.0 hasta versión 2.12.4, algunas de las funcionalidades de Icinga 2 que requieren credenciales para servicios externos exponen dichas credenciales mediante la API a los usuarios autenticados de la API con permisos de lectura para los tipos de objetos correspondientes. IdoMysqlConnection y IdoPgsqlConnection (cada versión liberada) expone la contraseña del usuario usado para conectarse a la base de datos. IcingaDB (añadido en versión 2.12.0) expone la contraseña usada para conectarse al servidor Redis. ElasticsearchWriter (añadido en versión 2.8.0) expone la contraseña usada para conectarse al servidor Elasticsearch. Un atacante que obtenga estas credenciales puede hacerse pasar por Icinga a estos servicios y añadir, modificar y eliminar información allí. Si las credenciales con más permisos están en uso, el impacto aumenta acorde. A partir de las versiones 2.11.10 y 2.12.5, estas contraseñas ya no están expuestas por medio de la API. Como solución, los permisos de usuario de la API pueden restringirse para no permitir la consulta de los objetos afectados, ya sea enumerando explícitamente sólo los tipos de objetos requeridos para los permisos de consulta de objetos o aplicando una regla de filtro\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":6.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-202\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:icinga:icinga:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.0.0\",\"versionEndExcluding\":\"2.11.10\",\"matchCriteriaId\":\"ED80D98A-D84D-453B-8324-92AC03F5AE14\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:icinga:icinga:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.12.0\",\"versionEndExcluding\":\"2.12.5\",\"matchCriteriaId\":\"0FC541DF-0A24-4C5F-90EF-A7D40EFFDB5D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}],\"references\":[{\"url\":\"https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/11/msg00010.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/11/msg00010.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]}]}}", }, }
fkie_cve-2021-32743
Vulnerability from fkie_nvd
Published
2021-07-15 16:15
Modified
2024-11-21 06:07
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. In versions prior to 2.11.10 and from version 2.12.0 through version 2.12.4, some of the Icinga 2 features that require credentials for external services expose those credentials through the API to authenticated API users with read permissions for the corresponding object types. IdoMysqlConnection and IdoPgsqlConnection (every released version) exposes the password of the user used to connect to the database. IcingaDB (added in 2.12.0) exposes the password used to connect to the Redis server. ElasticsearchWriter (added in 2.8.0)exposes the password used to connect to the Elasticsearch server. An attacker who obtains these credentials can impersonate Icinga to these services and add, modify and delete information there. If credentials with more permissions are in use, this increases the impact accordingly. Starting with the 2.11.10 and 2.12.5 releases, these passwords are no longer exposed via the API. As a workaround, API user permissions can be restricted to not allow querying of any affected objects, either by explicitly listing only the required object types for object query permissions, or by applying a filter rule.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7 | Exploit, Third Party Advisory | |
| security-advisories@github.com | https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/ | Exploit, Vendor Advisory | |
| security-advisories@github.com | https://lists.debian.org/debian-lts-announce/2021/11/msg00010.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/ | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2021/11/msg00010.html | Mailing List, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:icinga:icinga:*:*:*:*:*:*:*:*", matchCriteriaId: "ED80D98A-D84D-453B-8324-92AC03F5AE14", versionEndExcluding: "2.11.10", versionStartIncluding: "2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:icinga:icinga:*:*:*:*:*:*:*:*", matchCriteriaId: "0FC541DF-0A24-4C5F-90EF-A7D40EFFDB5D", versionEndExcluding: "2.12.5", versionStartIncluding: "2.12.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. In versions prior to 2.11.10 and from version 2.12.0 through version 2.12.4, some of the Icinga 2 features that require credentials for external services expose those credentials through the API to authenticated API users with read permissions for the corresponding object types. IdoMysqlConnection and IdoPgsqlConnection (every released version) exposes the password of the user used to connect to the database. IcingaDB (added in 2.12.0) exposes the password used to connect to the Redis server. ElasticsearchWriter (added in 2.8.0)exposes the password used to connect to the Elasticsearch server. An attacker who obtains these credentials can impersonate Icinga to these services and add, modify and delete information there. If credentials with more permissions are in use, this increases the impact accordingly. Starting with the 2.11.10 and 2.12.5 releases, these passwords are no longer exposed via the API. As a workaround, API user permissions can be restricted to not allow querying of any affected objects, either by explicitly listing only the required object types for object query permissions, or by applying a filter rule.", }, { lang: "es", value: "Icinga es un sistema de monitorización que comprueba la disponibilidad de los recursos de la red, notifica a los usuarios de las interrupciones y genera datos de rendimiento para informes. En las versiones anteriores a 2.11.10 y desde versión 2.12.0 hasta versión 2.12.4, algunas de las funcionalidades de Icinga 2 que requieren credenciales para servicios externos exponen dichas credenciales mediante la API a los usuarios autenticados de la API con permisos de lectura para los tipos de objetos correspondientes. IdoMysqlConnection y IdoPgsqlConnection (cada versión liberada) expone la contraseña del usuario usado para conectarse a la base de datos. IcingaDB (añadido en versión 2.12.0) expone la contraseña usada para conectarse al servidor Redis. ElasticsearchWriter (añadido en versión 2.8.0) expone la contraseña usada para conectarse al servidor Elasticsearch. Un atacante que obtenga estas credenciales puede hacerse pasar por Icinga a estos servicios y añadir, modificar y eliminar información allí. Si las credenciales con más permisos están en uso, el impacto aumenta acorde. A partir de las versiones 2.11.10 y 2.12.5, estas contraseñas ya no están expuestas por medio de la API. Como solución, los permisos de usuario de la API pueden restringirse para no permitir la consulta de los objetos afectados, ya sea enumerando explícitamente sólo los tipos de objetos requeridos para los permisos de consulta de objetos o aplicando una regla de filtro", }, ], id: "CVE-2021-32743", lastModified: "2024-11-21T06:07:39.243", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-07-15T16:15:09.620", references: [ { source: "security-advisories@github.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7", }, { source: "security-advisories@github.com", tags: [ "Exploit", "Vendor Advisory", ], url: "https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/", }, { source: "security-advisories@github.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/11/msg00010.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/11/msg00010.html", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-202", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
gsd-2021-32743
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. In versions prior to 2.11.10 and from version 2.12.0 through version 2.12.4, some of the Icinga 2 features that require credentials for external services expose those credentials through the API to authenticated API users with read permissions for the corresponding object types. IdoMysqlConnection and IdoPgsqlConnection (every released version) exposes the password of the user used to connect to the database. IcingaDB (added in 2.12.0) exposes the password used to connect to the Redis server. ElasticsearchWriter (added in 2.8.0)exposes the password used to connect to the Elasticsearch server. An attacker who obtains these credentials can impersonate Icinga to these services and add, modify and delete information there. If credentials with more permissions are in use, this increases the impact accordingly. Starting with the 2.11.10 and 2.12.5 releases, these passwords are no longer exposed via the API. As a workaround, API user permissions can be restricted to not allow querying of any affected objects, either by explicitly listing only the required object types for object query permissions, or by applying a filter rule.
Aliases
Aliases
{ GSD: { alias: "CVE-2021-32743", description: "Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. In versions prior to 2.11.10 and from version 2.12.0 through version 2.12.4, some of the Icinga 2 features that require credentials for external services expose those credentials through the API to authenticated API users with read permissions for the corresponding object types. IdoMysqlConnection and IdoPgsqlConnection (every released version) exposes the password of the user used to connect to the database. IcingaDB (added in 2.12.0) exposes the password used to connect to the Redis server. ElasticsearchWriter (added in 2.8.0)exposes the password used to connect to the Elasticsearch server. An attacker who obtains these credentials can impersonate Icinga to these services and add, modify and delete information there. If credentials with more permissions are in use, this increases the impact accordingly. Starting with the 2.11.10 and 2.12.5 releases, these passwords are no longer exposed via the API. As a workaround, API user permissions can be restricted to not allow querying of any affected objects, either by explicitly listing only the required object types for object query permissions, or by applying a filter rule.", id: "GSD-2021-32743", references: [ "https://www.suse.com/security/cve/CVE-2021-32743.html", ], }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2021-32743", ], details: "Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. In versions prior to 2.11.10 and from version 2.12.0 through version 2.12.4, some of the Icinga 2 features that require credentials for external services expose those credentials through the API to authenticated API users with read permissions for the corresponding object types. IdoMysqlConnection and IdoPgsqlConnection (every released version) exposes the password of the user used to connect to the database. IcingaDB (added in 2.12.0) exposes the password used to connect to the Redis server. ElasticsearchWriter (added in 2.8.0)exposes the password used to connect to the Elasticsearch server. An attacker who obtains these credentials can impersonate Icinga to these services and add, modify and delete information there. If credentials with more permissions are in use, this increases the impact accordingly. Starting with the 2.11.10 and 2.12.5 releases, these passwords are no longer exposed via the API. As a workaround, API user permissions can be restricted to not allow querying of any affected objects, either by explicitly listing only the required object types for object query permissions, or by applying a filter rule.", id: "GSD-2021-32743", modified: "2023-12-13T01:23:09.040621Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "security-advisories@github.com", ID: "CVE-2021-32743", STATE: "PUBLIC", TITLE: "Passwords used to access external services inadvertently exposed through API", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "icinga2", version: { version_data: [ { version_value: "< 2.11.10", }, { version_value: ">= 2.12.0, <= 2.12.4", }, ], }, }, ], }, vendor_name: "Icinga", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. In versions prior to 2.11.10 and from version 2.12.0 through version 2.12.4, some of the Icinga 2 features that require credentials for external services expose those credentials through the API to authenticated API users with read permissions for the corresponding object types. IdoMysqlConnection and IdoPgsqlConnection (every released version) exposes the password of the user used to connect to the database. IcingaDB (added in 2.12.0) exposes the password used to connect to the Redis server. ElasticsearchWriter (added in 2.8.0)exposes the password used to connect to the Elasticsearch server. An attacker who obtains these credentials can impersonate Icinga to these services and add, modify and delete information there. If credentials with more permissions are in use, this increases the impact accordingly. Starting with the 2.11.10 and 2.12.5 releases, these passwords are no longer exposed via the API. As a workaround, API user permissions can be restricted to not allow querying of any affected objects, either by explicitly listing only the required object types for object query permissions, or by applying a filter rule.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-202: Exposure of Sensitive Information Through Data Queries", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7", refsource: "CONFIRM", url: "https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7", }, { name: "https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/", refsource: "MISC", url: "https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/", }, { name: "[debian-lts-announce] 20211110 [SECURITY] [DLA 2816-1] icinga2 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2021/11/msg00010.html", }, ], }, source: { advisory: "GHSA-wrpw-pmr8-qgj7", discovery: "UNKNOWN", }, }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:icinga:icinga:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.11.10", versionStartIncluding: "2.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:icinga:icinga:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.12.5", versionStartIncluding: "2.12.0", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "security-advisories@github.com", ID: "CVE-2021-32743", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. In versions prior to 2.11.10 and from version 2.12.0 through version 2.12.4, some of the Icinga 2 features that require credentials for external services expose those credentials through the API to authenticated API users with read permissions for the corresponding object types. IdoMysqlConnection and IdoPgsqlConnection (every released version) exposes the password of the user used to connect to the database. IcingaDB (added in 2.12.0) exposes the password used to connect to the Redis server. ElasticsearchWriter (added in 2.8.0)exposes the password used to connect to the Elasticsearch server. An attacker who obtains these credentials can impersonate Icinga to these services and add, modify and delete information there. If credentials with more permissions are in use, this increases the impact accordingly. Starting with the 2.11.10 and 2.12.5 releases, these passwords are no longer exposed via the API. As a workaround, API user permissions can be restricted to not allow querying of any affected objects, either by explicitly listing only the required object types for object query permissions, or by applying a filter rule.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "CWE-202", }, ], }, ], }, references: { reference_data: [ { name: "https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/", refsource: "MISC", tags: [ "Exploit", "Vendor Advisory", ], url: "https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/", }, { name: "https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7", refsource: "CONFIRM", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7", }, { name: "[debian-lts-announce] 20211110 [SECURITY] [DLA 2816-1] icinga2 security update", refsource: "MLIST", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/11/msg00010.html", }, ], }, }, impact: { baseMetricV2: { acInsufInfo: false, cvssV2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", userInteractionRequired: false, }, baseMetricV3: { cvssV3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, }, }, lastModifiedDate: "2021-12-06T14:10Z", publishedDate: "2021-07-15T16:15Z", }, }, }
wid-sec-w-2024-3477
Vulnerability from csaf_certbund
Published
2021-07-15 22:00
Modified
2024-12-08 23:00
Summary
Icinga: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Icinga ist ein Monitoring System.
Angriff
Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Icinga ausnutzen, um seine Privilegien zu erhöhen und vertrauliche Informationen offenzulegen.
Betroffene Betriebssysteme
- Linux
- UNIX
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Icinga ist ein Monitoring System.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Icinga ausnutzen, um seine Privilegien zu erhöhen und vertrauliche Informationen offenzulegen.", title: "Angriff", }, { category: "general", text: "- Linux\n- UNIX", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-3477 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2021/wid-sec-w-2024-3477.json", }, { category: "self", summary: "WID-SEC-2024-3477 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3477", }, { category: "external", summary: "Github Icinga vom 2021-07-15", url: "https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7", }, { category: "external", summary: "Github Icinga vom 2021-07-15", url: "https://github.com/Icinga/icinga2/security/advisories/GHSA-98wp-jc6q-x5q5", }, { category: "external", summary: "Debian Security Advisory DLA-2816 vom 2021-11-10", url: "https://lists.debian.org/debian-lts-announce/2021/11/msg00010.html", }, { category: "external", summary: "Debian Security Advisory DLA-3953 vom 2024-11-16", url: "https://lists.debian.org/debian-lts-announce/2024/11/msg00010.html", }, { category: "external", summary: "Gentoo Linux Security Advisory GLSA-202412-08 vom 2024-12-07", url: "https://security.gentoo.org/glsa/202412-08", }, ], source_lang: "en-US", title: "Icinga: Mehrere Schwachstellen", tracking: { current_release_date: "2024-12-08T23:00:00.000+00:00", generator: { date: "2024-12-09T09:22:04.614+00:00", engine: { name: "BSI-WID", version: "1.3.10", }, }, id: "WID-SEC-W-2024-3477", initial_release_date: "2021-07-15T22:00:00.000+00:00", revision_history: [ { date: "2021-07-15T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2021-11-10T23:00:00.000+00:00", number: "2", summary: "Neue Updates von Debian aufgenommen", }, { date: "2024-11-17T23:00:00.000+00:00", number: "3", summary: "Neue Updates von Debian aufgenommen", }, { date: "2024-12-08T23:00:00.000+00:00", number: "4", summary: "Neue Updates von Gentoo aufgenommen", }, ], status: "final", version: "4", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Debian Linux", product: { name: "Debian Linux", product_id: "2951", product_identification_helper: { cpe: "cpe:/o:debian:debian_linux:-", }, }, }, ], category: "vendor", name: "Debian", }, { branches: [ { category: "product_name", name: "Gentoo Linux", product: { name: "Gentoo Linux", product_id: "T012167", product_identification_helper: { cpe: "cpe:/o:gentoo:linux:-", }, }, }, ], category: "vendor", name: "Gentoo", }, { branches: [ { branches: [ { category: "product_version_range", name: "<2.11.10", product: { name: "Open Source Icinga <2.11.10", product_id: "T019828", }, }, { category: "product_version", name: "2.11.10", product: { name: "Open Source Icinga 2.11.10", product_id: "T019828-fixed", product_identification_helper: { cpe: "cpe:/a:icinga:icinga:2.11.10", }, }, }, { category: "product_version_range", name: "<2.12.5", product: { name: "Open Source Icinga <2.12.5", product_id: "T019829", }, }, { category: "product_version", name: "2.12.5", product: { name: "Open Source Icinga 2.12.5", product_id: "T019829-fixed", product_identification_helper: { cpe: "cpe:/a:icinga:icinga:2.12.5", }, }, }, ], category: "product_name", name: "Icinga", }, ], category: "vendor", name: "Open Source", }, ], }, vulnerabilities: [ { cve: "CVE-2021-32739", notes: [ { category: "description", text: "Es existiert eine Schwachstelle in Icinga. Der Fehler besteht, weil es möglich ist, die Identität eines Endpunkts oder eines API-Benutzers durch Senden speziell gestalteter Abfragen an \"ApiListener\"-Objekte zu erhalten. Ein entfernter authentifizierter Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern.", }, ], product_status: { known_affected: [ "2951", "T019829", "T012167", "T019828", ], }, release_date: "2021-07-15T22:00:00.000+00:00", title: "CVE-2021-32739", }, { cve: "CVE-2021-32743", notes: [ { category: "description", text: "Es existiert eine Schwachstelle in Icinga. Der Fehler besteht in den Objekttypen von \"IdoMysqlConnection\" und \"IdoPgsqlConnection\" durch das Senden speziell gestalteter Anfragen. Ein entfernter authentifizierter Angreifer kann diese Schwachstelle ausnutzen, um vertrauliche Informationen offenzulegen.", }, ], product_status: { known_affected: [ "2951", "T019829", "T012167", "T019828", ], }, release_date: "2021-07-15T22:00:00.000+00:00", title: "CVE-2021-32743", }, ], }
opensuse-su-2024:10856-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
icinga2-2.13.1-1.3 on GA media
Notes
Title of the patch
icinga2-2.13.1-1.3 on GA media
Description of the patch
These are all security issues fixed in the icinga2-2.13.1-1.3 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-10856
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "icinga2-2.13.1-1.3 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the icinga2-2.13.1-1.3 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-10856", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10856-1.json", }, { category: "self", summary: "SUSE CVE CVE-2017-16933 page", url: "https://www.suse.com/security/cve/CVE-2017-16933/", }, { category: "self", summary: "SUSE CVE CVE-2018-6534 page", url: "https://www.suse.com/security/cve/CVE-2018-6534/", }, { category: "self", summary: "SUSE CVE CVE-2020-14004 page", url: "https://www.suse.com/security/cve/CVE-2020-14004/", }, { category: "self", summary: "SUSE CVE CVE-2020-29663 page", url: "https://www.suse.com/security/cve/CVE-2020-29663/", }, { category: "self", summary: "SUSE CVE CVE-2021-32739 page", url: "https://www.suse.com/security/cve/CVE-2021-32739/", }, { category: "self", summary: "SUSE CVE CVE-2021-32743 page", url: "https://www.suse.com/security/cve/CVE-2021-32743/", }, { category: "self", summary: "SUSE CVE CVE-2021-37698 page", url: "https://www.suse.com/security/cve/CVE-2021-37698/", }, ], title: "icinga2-2.13.1-1.3 on GA media", tracking: { current_release_date: "2024-06-15T00:00:00Z", generator: { date: "2024-06-15T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:10856-1", initial_release_date: "2024-06-15T00:00:00Z", revision_history: [ { date: "2024-06-15T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "icinga2-2.13.1-1.3.aarch64", product: { name: "icinga2-2.13.1-1.3.aarch64", product_id: "icinga2-2.13.1-1.3.aarch64", }, }, { category: "product_version", name: "icinga2-bin-2.13.1-1.3.aarch64", product: { name: "icinga2-bin-2.13.1-1.3.aarch64", product_id: "icinga2-bin-2.13.1-1.3.aarch64", }, }, { category: "product_version", name: "icinga2-common-2.13.1-1.3.aarch64", product: { name: "icinga2-common-2.13.1-1.3.aarch64", product_id: "icinga2-common-2.13.1-1.3.aarch64", }, }, { category: "product_version", name: "icinga2-doc-2.13.1-1.3.aarch64", product: { name: "icinga2-doc-2.13.1-1.3.aarch64", product_id: "icinga2-doc-2.13.1-1.3.aarch64", }, }, { category: "product_version", name: "icinga2-ido-mysql-2.13.1-1.3.aarch64", product: { name: "icinga2-ido-mysql-2.13.1-1.3.aarch64", product_id: "icinga2-ido-mysql-2.13.1-1.3.aarch64", }, }, { category: "product_version", name: "icinga2-ido-pgsql-2.13.1-1.3.aarch64", product: { name: "icinga2-ido-pgsql-2.13.1-1.3.aarch64", product_id: "icinga2-ido-pgsql-2.13.1-1.3.aarch64", }, }, { category: "product_version", name: "nano-icinga2-2.13.1-1.3.aarch64", product: { name: "nano-icinga2-2.13.1-1.3.aarch64", product_id: "nano-icinga2-2.13.1-1.3.aarch64", }, }, { category: "product_version", name: "vim-icinga2-2.13.1-1.3.aarch64", product: { name: "vim-icinga2-2.13.1-1.3.aarch64", product_id: "vim-icinga2-2.13.1-1.3.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "icinga2-2.13.1-1.3.ppc64le", product: { name: "icinga2-2.13.1-1.3.ppc64le", product_id: "icinga2-2.13.1-1.3.ppc64le", }, }, { category: "product_version", name: "icinga2-bin-2.13.1-1.3.ppc64le", product: { name: "icinga2-bin-2.13.1-1.3.ppc64le", product_id: "icinga2-bin-2.13.1-1.3.ppc64le", }, }, { category: "product_version", name: "icinga2-common-2.13.1-1.3.ppc64le", product: { name: "icinga2-common-2.13.1-1.3.ppc64le", product_id: "icinga2-common-2.13.1-1.3.ppc64le", }, }, { category: "product_version", name: "icinga2-doc-2.13.1-1.3.ppc64le", product: { name: "icinga2-doc-2.13.1-1.3.ppc64le", product_id: "icinga2-doc-2.13.1-1.3.ppc64le", }, }, { category: "product_version", name: "icinga2-ido-mysql-2.13.1-1.3.ppc64le", product: { name: "icinga2-ido-mysql-2.13.1-1.3.ppc64le", product_id: "icinga2-ido-mysql-2.13.1-1.3.ppc64le", }, }, { category: "product_version", name: "icinga2-ido-pgsql-2.13.1-1.3.ppc64le", product: { name: "icinga2-ido-pgsql-2.13.1-1.3.ppc64le", product_id: "icinga2-ido-pgsql-2.13.1-1.3.ppc64le", }, }, { category: "product_version", name: "nano-icinga2-2.13.1-1.3.ppc64le", product: { name: "nano-icinga2-2.13.1-1.3.ppc64le", product_id: "nano-icinga2-2.13.1-1.3.ppc64le", }, }, { category: "product_version", name: "vim-icinga2-2.13.1-1.3.ppc64le", product: { name: "vim-icinga2-2.13.1-1.3.ppc64le", product_id: "vim-icinga2-2.13.1-1.3.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "icinga2-2.13.1-1.3.s390x", product: { name: "icinga2-2.13.1-1.3.s390x", product_id: "icinga2-2.13.1-1.3.s390x", }, }, { category: "product_version", name: "icinga2-bin-2.13.1-1.3.s390x", product: { name: "icinga2-bin-2.13.1-1.3.s390x", product_id: "icinga2-bin-2.13.1-1.3.s390x", }, }, { category: "product_version", name: "icinga2-common-2.13.1-1.3.s390x", product: { name: "icinga2-common-2.13.1-1.3.s390x", product_id: "icinga2-common-2.13.1-1.3.s390x", }, }, { category: "product_version", name: "icinga2-doc-2.13.1-1.3.s390x", product: { name: "icinga2-doc-2.13.1-1.3.s390x", product_id: "icinga2-doc-2.13.1-1.3.s390x", }, }, { category: "product_version", name: "icinga2-ido-mysql-2.13.1-1.3.s390x", product: { name: "icinga2-ido-mysql-2.13.1-1.3.s390x", product_id: "icinga2-ido-mysql-2.13.1-1.3.s390x", }, }, { category: "product_version", name: "icinga2-ido-pgsql-2.13.1-1.3.s390x", product: { name: "icinga2-ido-pgsql-2.13.1-1.3.s390x", product_id: "icinga2-ido-pgsql-2.13.1-1.3.s390x", }, }, { category: "product_version", name: "nano-icinga2-2.13.1-1.3.s390x", product: { name: "nano-icinga2-2.13.1-1.3.s390x", product_id: "nano-icinga2-2.13.1-1.3.s390x", }, }, { category: "product_version", name: "vim-icinga2-2.13.1-1.3.s390x", product: { name: "vim-icinga2-2.13.1-1.3.s390x", product_id: "vim-icinga2-2.13.1-1.3.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "icinga2-2.13.1-1.3.x86_64", product: { name: "icinga2-2.13.1-1.3.x86_64", product_id: "icinga2-2.13.1-1.3.x86_64", }, }, { category: "product_version", name: "icinga2-bin-2.13.1-1.3.x86_64", product: { name: "icinga2-bin-2.13.1-1.3.x86_64", product_id: "icinga2-bin-2.13.1-1.3.x86_64", }, }, { category: "product_version", name: "icinga2-common-2.13.1-1.3.x86_64", product: { name: "icinga2-common-2.13.1-1.3.x86_64", product_id: "icinga2-common-2.13.1-1.3.x86_64", }, }, { category: "product_version", name: "icinga2-doc-2.13.1-1.3.x86_64", product: { name: "icinga2-doc-2.13.1-1.3.x86_64", product_id: "icinga2-doc-2.13.1-1.3.x86_64", }, }, { category: "product_version", name: "icinga2-ido-mysql-2.13.1-1.3.x86_64", product: { name: "icinga2-ido-mysql-2.13.1-1.3.x86_64", product_id: "icinga2-ido-mysql-2.13.1-1.3.x86_64", }, }, { category: "product_version", name: "icinga2-ido-pgsql-2.13.1-1.3.x86_64", product: { name: "icinga2-ido-pgsql-2.13.1-1.3.x86_64", product_id: "icinga2-ido-pgsql-2.13.1-1.3.x86_64", }, }, { category: "product_version", name: "nano-icinga2-2.13.1-1.3.x86_64", product: { name: "nano-icinga2-2.13.1-1.3.x86_64", product_id: "nano-icinga2-2.13.1-1.3.x86_64", }, }, { category: "product_version", name: "vim-icinga2-2.13.1-1.3.x86_64", product: { name: "vim-icinga2-2.13.1-1.3.x86_64", product_id: "vim-icinga2-2.13.1-1.3.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "icinga2-2.13.1-1.3.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:icinga2-2.13.1-1.3.aarch64", }, product_reference: "icinga2-2.13.1-1.3.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "icinga2-2.13.1-1.3.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:icinga2-2.13.1-1.3.ppc64le", }, product_reference: "icinga2-2.13.1-1.3.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "icinga2-2.13.1-1.3.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:icinga2-2.13.1-1.3.s390x", }, product_reference: "icinga2-2.13.1-1.3.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "icinga2-2.13.1-1.3.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:icinga2-2.13.1-1.3.x86_64", }, product_reference: "icinga2-2.13.1-1.3.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "icinga2-bin-2.13.1-1.3.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.aarch64", }, product_reference: "icinga2-bin-2.13.1-1.3.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "icinga2-bin-2.13.1-1.3.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.ppc64le", }, product_reference: "icinga2-bin-2.13.1-1.3.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "icinga2-bin-2.13.1-1.3.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.s390x", }, product_reference: "icinga2-bin-2.13.1-1.3.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "icinga2-bin-2.13.1-1.3.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.x86_64", }, product_reference: "icinga2-bin-2.13.1-1.3.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "icinga2-common-2.13.1-1.3.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.aarch64", }, product_reference: "icinga2-common-2.13.1-1.3.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "icinga2-common-2.13.1-1.3.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.ppc64le", }, product_reference: "icinga2-common-2.13.1-1.3.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "icinga2-common-2.13.1-1.3.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.s390x", }, product_reference: "icinga2-common-2.13.1-1.3.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "icinga2-common-2.13.1-1.3.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.x86_64", }, product_reference: "icinga2-common-2.13.1-1.3.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "icinga2-doc-2.13.1-1.3.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.aarch64", }, product_reference: "icinga2-doc-2.13.1-1.3.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "icinga2-doc-2.13.1-1.3.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.ppc64le", }, product_reference: "icinga2-doc-2.13.1-1.3.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "icinga2-doc-2.13.1-1.3.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.s390x", }, product_reference: "icinga2-doc-2.13.1-1.3.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "icinga2-doc-2.13.1-1.3.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.x86_64", }, product_reference: "icinga2-doc-2.13.1-1.3.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "icinga2-ido-mysql-2.13.1-1.3.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.aarch64", }, product_reference: "icinga2-ido-mysql-2.13.1-1.3.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "icinga2-ido-mysql-2.13.1-1.3.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.ppc64le", }, product_reference: "icinga2-ido-mysql-2.13.1-1.3.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "icinga2-ido-mysql-2.13.1-1.3.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.s390x", }, product_reference: "icinga2-ido-mysql-2.13.1-1.3.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "icinga2-ido-mysql-2.13.1-1.3.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.x86_64", }, product_reference: "icinga2-ido-mysql-2.13.1-1.3.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "icinga2-ido-pgsql-2.13.1-1.3.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.aarch64", }, product_reference: "icinga2-ido-pgsql-2.13.1-1.3.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "icinga2-ido-pgsql-2.13.1-1.3.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.ppc64le", }, product_reference: "icinga2-ido-pgsql-2.13.1-1.3.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "icinga2-ido-pgsql-2.13.1-1.3.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.s390x", }, product_reference: "icinga2-ido-pgsql-2.13.1-1.3.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "icinga2-ido-pgsql-2.13.1-1.3.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.x86_64", }, product_reference: "icinga2-ido-pgsql-2.13.1-1.3.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "nano-icinga2-2.13.1-1.3.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.aarch64", }, product_reference: "nano-icinga2-2.13.1-1.3.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "nano-icinga2-2.13.1-1.3.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.ppc64le", }, product_reference: "nano-icinga2-2.13.1-1.3.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "nano-icinga2-2.13.1-1.3.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.s390x", }, product_reference: "nano-icinga2-2.13.1-1.3.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "nano-icinga2-2.13.1-1.3.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.x86_64", }, product_reference: "nano-icinga2-2.13.1-1.3.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "vim-icinga2-2.13.1-1.3.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.aarch64", }, product_reference: "vim-icinga2-2.13.1-1.3.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "vim-icinga2-2.13.1-1.3.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.ppc64le", }, product_reference: "vim-icinga2-2.13.1-1.3.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "vim-icinga2-2.13.1-1.3.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.s390x", }, product_reference: "vim-icinga2-2.13.1-1.3.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "vim-icinga2-2.13.1-1.3.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.x86_64", }, product_reference: "vim-icinga2-2.13.1-1.3.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2017-16933", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-16933", }, ], notes: [ { category: "general", text: "etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.1 has a chown call for a filename in a user-writable directory, which allows local users to gain privileges by leveraging access to the $ICINGA2_USER account for creation of a link.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:icinga2-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.s390x", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.s390x", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-16933", url: "https://www.suse.com/security/cve/CVE-2017-16933", }, { category: "external", summary: "SUSE Bug 1086673 for CVE-2017-16933", url: "https://bugzilla.suse.com/1086673", }, { category: "external", summary: "SUSE Bug 1086676 for CVE-2017-16933", url: "https://bugzilla.suse.com/1086676", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:icinga2-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.s390x", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.s390x", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:icinga2-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.s390x", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.s390x", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2017-16933", }, { cve: "CVE-2018-6534", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-6534", }, ], notes: [ { category: "general", text: "An issue was discovered in Icinga 2.x through 2.8.1. By sending specially crafted messages, an attacker can cause a NULL pointer dereference, which can cause the product to crash.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:icinga2-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.s390x", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.s390x", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-6534", url: "https://www.suse.com/security/cve/CVE-2018-6534", }, { category: "external", summary: "SUSE Bug 1086674 for CVE-2018-6534", url: "https://bugzilla.suse.com/1086674", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:icinga2-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.s390x", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.s390x", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:icinga2-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.s390x", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.s390x", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-6534", }, { cve: "CVE-2020-14004", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-14004", }, ], notes: [ { category: "general", text: "An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dirs script (run as part of the icinga2 systemd service) executes chmod 2750 /run/icinga2/cmd. /run/icinga2 is under control of an unprivileged user by default. If /run/icinga2/cmd is a symlink, then it will by followed and arbitrary files can be changed to mode 2750 by the unprivileged icinga2 user.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:icinga2-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.s390x", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.s390x", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-14004", url: "https://www.suse.com/security/cve/CVE-2020-14004", }, { category: "external", summary: "SUSE Bug 1172171 for CVE-2020-14004", url: "https://bugzilla.suse.com/1172171", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:icinga2-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.s390x", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.s390x", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:icinga2-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.s390x", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.s390x", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2020-14004", }, { cve: "CVE-2020-29663", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-29663", }, ], notes: [ { category: "general", text: "Icinga 2 v2.8.0 through v2.11.7 and v2.12.2 has an issue where revoked certificates due for renewal will automatically be renewed, ignoring the CRL. This issue is fixed in Icinga 2 v2.11.8 and v2.12.3.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:icinga2-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.s390x", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.s390x", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-29663", url: "https://www.suse.com/security/cve/CVE-2020-29663", }, { category: "external", summary: "SUSE Bug 1180147 for CVE-2020-29663", url: "https://bugzilla.suse.com/1180147", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:icinga2-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.s390x", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.s390x", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:icinga2-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.s390x", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.s390x", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-29663", }, { cve: "CVE-2021-32739", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-32739", }, ], notes: [ { category: "general", text: "Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. From version 2.4.0 through version 2.12.4, a vulnerability exists that may allow privilege escalation for authenticated API users. With a read-ony user's credentials, an attacker can view most attributes of all config objects including `ticket_salt` of `ApiListener`. This salt is enough to compute a ticket for every possible common name (CN). A ticket, the master node's certificate, and a self-signed certificate are enough to successfully request the desired certificate from Icinga. That certificate may in turn be used to steal an endpoint or API user's identity. Versions 2.12.5 and 2.11.10 both contain a fix the vulnerability. As a workaround, one may either specify queryable types explicitly or filter out ApiListener objects.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:icinga2-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.s390x", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.s390x", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-32739", url: "https://www.suse.com/security/cve/CVE-2021-32739", }, { category: "external", summary: "SUSE Bug 1188372 for CVE-2021-32739", url: "https://bugzilla.suse.com/1188372", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:icinga2-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.s390x", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.s390x", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:icinga2-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.s390x", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.s390x", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2021-32739", }, { cve: "CVE-2021-32743", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-32743", }, ], notes: [ { category: "general", text: "Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. In versions prior to 2.11.10 and from version 2.12.0 through version 2.12.4, some of the Icinga 2 features that require credentials for external services expose those credentials through the API to authenticated API users with read permissions for the corresponding object types. IdoMysqlConnection and IdoPgsqlConnection (every released version) exposes the password of the user used to connect to the database. IcingaDB (added in 2.12.0) exposes the password used to connect to the Redis server. ElasticsearchWriter (added in 2.8.0)exposes the password used to connect to the Elasticsearch server. An attacker who obtains these credentials can impersonate Icinga to these services and add, modify and delete information there. If credentials with more permissions are in use, this increases the impact accordingly. Starting with the 2.11.10 and 2.12.5 releases, these passwords are no longer exposed via the API. As a workaround, API user permissions can be restricted to not allow querying of any affected objects, either by explicitly listing only the required object types for object query permissions, or by applying a filter rule.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:icinga2-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.s390x", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.s390x", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-32743", url: "https://www.suse.com/security/cve/CVE-2021-32743", }, { category: "external", summary: "SUSE Bug 1188370 for CVE-2021-32743", url: "https://bugzilla.suse.com/1188370", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:icinga2-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.s390x", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.s390x", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:icinga2-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.s390x", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.s390x", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2021-32743", }, { cve: "CVE-2021-37698", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-37698", }, ], notes: [ { category: "general", text: "Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. In versions 2.5.0 through 2.13.0, ElasticsearchWriter, GelfWriter, InfluxdbWriter and Influxdb2Writer do not verify the server's certificate despite a certificate authority being specified. Icinga 2 instances which connect to any of the mentioned time series databases (TSDBs) using TLS over a spoofable infrastructure should immediately upgrade to version 2.13.1, 2.12.6, or 2.11.11 to patch the issue. Such instances should also change the credentials (if any) used by the TSDB writer feature to authenticate against the TSDB. There are no workarounds aside from upgrading.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:icinga2-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.s390x", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.s390x", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-37698", url: "https://www.suse.com/security/cve/CVE-2021-37698", }, { category: "external", summary: "SUSE Bug 1189653 for CVE-2021-37698", url: "https://bugzilla.suse.com/1189653", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:icinga2-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.s390x", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.s390x", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:icinga2-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-common-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.s390x", "openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.s390x", "openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3.x86_64", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.aarch64", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.ppc64le", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.s390x", "openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2021-37698", }, ], }
opensuse-su-2021:1089-1
Vulnerability from csaf_opensuse
Published
2021-07-24 18:06
Modified
2021-07-24 18:06
Summary
Security update for icinga2
Notes
Title of the patch
Security update for icinga2
Description of the patch
This update for icinga2 fixes the following issues:
icinga2 was updated to 2.12.5:
Version 2.12.5 fixes two security vulnerabilities that may lead
to privilege escalation for authenticated API users.
Other improvements include several bugfixes related to downtimes,
downtime notifications, and more reliable connection handling.
* Security
- Don't expose the PKI ticket salt via the API. This may lead
to privilege escalation for authenticated API users by them
being able to request certificates for other identities
(CVE-2021-32739)
- Don't expose IdoMysqlConnection, IdoPgsqlConnection, and
ElasticsearchWriter passwords via the API
(CVE-2021-32743)
Depending on your setup, manual intervention beyond installing
the new versions may be required, so please read the more
detailed information in the release blog post carefully.
* Bugfixes
- Don't send downtime end notification if downtime hasn't
started #8878
- Don't let a failed downtime creation block the others #8871
- Support downtimes and comments for checkables with long names
#8870
- Trigger fixed downtimes immediately if the current time
matches (instead of waiting for the timer) #8891
- Add configurable timeout for full connection handshake #8872
* Enhancements
- Replace existing downtimes on ScheduledDowntime change #8880
- Improve crashlog #8869
Patchnames
openSUSE-2021-1089
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for icinga2", title: "Title of the patch", }, { category: "description", text: "This update for icinga2 fixes the following issues:\n\nicinga2 was updated to 2.12.5:\n\n Version 2.12.5 fixes two security vulnerabilities that may lead\n to privilege escalation for authenticated API users.\n Other improvements include several bugfixes related to downtimes,\n downtime notifications, and more reliable connection handling.\n\n * Security\n\n - Don't expose the PKI ticket salt via the API. This may lead\n to privilege escalation for authenticated API users by them\n being able to request certificates for other identities\n (CVE-2021-32739)\n\n - Don't expose IdoMysqlConnection, IdoPgsqlConnection, and\n ElasticsearchWriter passwords via the API\n (CVE-2021-32743)\n\n Depending on your setup, manual intervention beyond installing\n the new versions may be required, so please read the more\n detailed information in the release blog post carefully.\n\n * Bugfixes\n\n - Don't send downtime end notification if downtime hasn't\n started #8878\n - Don't let a failed downtime creation block the others #8871\n - Support downtimes and comments for checkables with long names\n #8870\n - Trigger fixed downtimes immediately if the current time\n matches (instead of waiting for the timer) #8891\n - Add configurable timeout for full connection handshake #8872\n * Enhancements\n - Replace existing downtimes on ScheduledDowntime change #8880\n - Improve crashlog #8869\n", title: "Description of the patch", }, { category: "details", text: "openSUSE-2021-1089", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_1089-1.json", }, { category: "self", summary: "URL for openSUSE-SU-2021:1089-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AG46DROWC4ZEVBNIZC5IYVVFYH4FMFCS/", }, { category: "self", summary: "E-Mail link for openSUSE-SU-2021:1089-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AG46DROWC4ZEVBNIZC5IYVVFYH4FMFCS/", }, { category: "self", summary: "SUSE CVE CVE-2020-29663 page", url: "https://www.suse.com/security/cve/CVE-2020-29663/", }, { category: "self", summary: "SUSE CVE CVE-2021-32739 page", url: "https://www.suse.com/security/cve/CVE-2021-32739/", }, { category: "self", summary: "SUSE CVE CVE-2021-32743 page", url: "https://www.suse.com/security/cve/CVE-2021-32743/", }, ], title: "Security update for icinga2", tracking: { current_release_date: "2021-07-24T18:06:03Z", generator: { date: "2021-07-24T18:06:03Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2021:1089-1", initial_release_date: "2021-07-24T18:06:03Z", revision_history: [ { date: "2021-07-24T18:06:03Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "icinga2-2.12.5-bp153.2.5.1.aarch64", product: { name: "icinga2-2.12.5-bp153.2.5.1.aarch64", product_id: "icinga2-2.12.5-bp153.2.5.1.aarch64", }, }, { category: "product_version", name: "icinga2-bin-2.12.5-bp153.2.5.1.aarch64", product: { name: "icinga2-bin-2.12.5-bp153.2.5.1.aarch64", product_id: "icinga2-bin-2.12.5-bp153.2.5.1.aarch64", }, }, { category: "product_version", name: "icinga2-common-2.12.5-bp153.2.5.1.aarch64", product: { name: "icinga2-common-2.12.5-bp153.2.5.1.aarch64", product_id: "icinga2-common-2.12.5-bp153.2.5.1.aarch64", }, }, { category: "product_version", name: "icinga2-doc-2.12.5-bp153.2.5.1.aarch64", product: { name: "icinga2-doc-2.12.5-bp153.2.5.1.aarch64", product_id: "icinga2-doc-2.12.5-bp153.2.5.1.aarch64", }, }, { category: "product_version", name: "icinga2-ido-mysql-2.12.5-bp153.2.5.1.aarch64", product: { name: "icinga2-ido-mysql-2.12.5-bp153.2.5.1.aarch64", product_id: "icinga2-ido-mysql-2.12.5-bp153.2.5.1.aarch64", }, }, { category: "product_version", name: "icinga2-ido-pgsql-2.12.5-bp153.2.5.1.aarch64", product: { name: "icinga2-ido-pgsql-2.12.5-bp153.2.5.1.aarch64", product_id: "icinga2-ido-pgsql-2.12.5-bp153.2.5.1.aarch64", }, }, { category: "product_version", name: "nano-icinga2-2.12.5-bp153.2.5.1.aarch64", product: { name: "nano-icinga2-2.12.5-bp153.2.5.1.aarch64", product_id: "nano-icinga2-2.12.5-bp153.2.5.1.aarch64", }, }, { category: "product_version", name: "vim-icinga2-2.12.5-bp153.2.5.1.aarch64", product: { name: "vim-icinga2-2.12.5-bp153.2.5.1.aarch64", product_id: "vim-icinga2-2.12.5-bp153.2.5.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "icinga2-2.12.5-bp153.2.5.1.ppc64le", product: { name: "icinga2-2.12.5-bp153.2.5.1.ppc64le", product_id: "icinga2-2.12.5-bp153.2.5.1.ppc64le", }, }, { category: "product_version", name: "icinga2-bin-2.12.5-bp153.2.5.1.ppc64le", product: { name: "icinga2-bin-2.12.5-bp153.2.5.1.ppc64le", product_id: "icinga2-bin-2.12.5-bp153.2.5.1.ppc64le", }, }, { category: "product_version", name: "icinga2-common-2.12.5-bp153.2.5.1.ppc64le", product: { name: "icinga2-common-2.12.5-bp153.2.5.1.ppc64le", product_id: "icinga2-common-2.12.5-bp153.2.5.1.ppc64le", }, }, { category: "product_version", name: "icinga2-doc-2.12.5-bp153.2.5.1.ppc64le", product: { name: "icinga2-doc-2.12.5-bp153.2.5.1.ppc64le", product_id: "icinga2-doc-2.12.5-bp153.2.5.1.ppc64le", }, }, { category: "product_version", name: "icinga2-ido-mysql-2.12.5-bp153.2.5.1.ppc64le", product: { name: "icinga2-ido-mysql-2.12.5-bp153.2.5.1.ppc64le", product_id: "icinga2-ido-mysql-2.12.5-bp153.2.5.1.ppc64le", }, }, { category: "product_version", name: "icinga2-ido-pgsql-2.12.5-bp153.2.5.1.ppc64le", product: { name: "icinga2-ido-pgsql-2.12.5-bp153.2.5.1.ppc64le", product_id: "icinga2-ido-pgsql-2.12.5-bp153.2.5.1.ppc64le", }, }, { category: "product_version", name: "nano-icinga2-2.12.5-bp153.2.5.1.ppc64le", product: { name: "nano-icinga2-2.12.5-bp153.2.5.1.ppc64le", product_id: "nano-icinga2-2.12.5-bp153.2.5.1.ppc64le", }, }, { category: "product_version", name: "vim-icinga2-2.12.5-bp153.2.5.1.ppc64le", product: { name: "vim-icinga2-2.12.5-bp153.2.5.1.ppc64le", product_id: "vim-icinga2-2.12.5-bp153.2.5.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "icinga2-2.12.5-bp153.2.5.1.x86_64", product: { name: "icinga2-2.12.5-bp153.2.5.1.x86_64", product_id: "icinga2-2.12.5-bp153.2.5.1.x86_64", }, }, { category: "product_version", name: "icinga2-bin-2.12.5-bp153.2.5.1.x86_64", product: { name: "icinga2-bin-2.12.5-bp153.2.5.1.x86_64", product_id: "icinga2-bin-2.12.5-bp153.2.5.1.x86_64", }, }, { category: "product_version", name: "icinga2-common-2.12.5-bp153.2.5.1.x86_64", product: { name: "icinga2-common-2.12.5-bp153.2.5.1.x86_64", product_id: "icinga2-common-2.12.5-bp153.2.5.1.x86_64", }, }, { category: "product_version", name: "icinga2-doc-2.12.5-bp153.2.5.1.x86_64", product: { name: "icinga2-doc-2.12.5-bp153.2.5.1.x86_64", product_id: "icinga2-doc-2.12.5-bp153.2.5.1.x86_64", }, }, { category: "product_version", name: "icinga2-ido-mysql-2.12.5-bp153.2.5.1.x86_64", product: { name: "icinga2-ido-mysql-2.12.5-bp153.2.5.1.x86_64", product_id: "icinga2-ido-mysql-2.12.5-bp153.2.5.1.x86_64", }, }, { category: "product_version", name: "icinga2-ido-pgsql-2.12.5-bp153.2.5.1.x86_64", product: { name: "icinga2-ido-pgsql-2.12.5-bp153.2.5.1.x86_64", product_id: "icinga2-ido-pgsql-2.12.5-bp153.2.5.1.x86_64", }, }, { category: "product_version", name: "nano-icinga2-2.12.5-bp153.2.5.1.x86_64", product: { name: "nano-icinga2-2.12.5-bp153.2.5.1.x86_64", product_id: "nano-icinga2-2.12.5-bp153.2.5.1.x86_64", }, }, { category: "product_version", name: "vim-icinga2-2.12.5-bp153.2.5.1.x86_64", product: { name: "vim-icinga2-2.12.5-bp153.2.5.1.x86_64", product_id: "vim-icinga2-2.12.5-bp153.2.5.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Package Hub 15 SP1", product: { name: "SUSE Package Hub 15 SP1", product_id: "SUSE Package Hub 15 SP1", }, }, { category: "product_name", name: "SUSE Package Hub 15 SP2", product: { name: "SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2", }, }, { category: "product_name", name: "SUSE Package Hub 15 SP3", product: { name: "SUSE Package Hub 15 SP3", product_id: "SUSE Package Hub 15 SP3", }, }, { category: "product_name", name: "openSUSE Leap 15.2", product: { name: "openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.2", }, }, }, { category: "product_name", name: "openSUSE Leap 15.3", product: { name: "openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.3", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "icinga2-2.12.5-bp153.2.5.1.aarch64 as component of SUSE Package Hub 15 SP1", product_id: "SUSE Package Hub 15 SP1:icinga2-2.12.5-bp153.2.5.1.aarch64", }, product_reference: "icinga2-2.12.5-bp153.2.5.1.aarch64", relates_to_product_reference: "SUSE Package Hub 15 SP1", }, { category: "default_component_of", full_product_name: { name: "icinga2-2.12.5-bp153.2.5.1.ppc64le as component of SUSE Package Hub 15 SP1", product_id: "SUSE Package Hub 15 SP1:icinga2-2.12.5-bp153.2.5.1.ppc64le", }, product_reference: "icinga2-2.12.5-bp153.2.5.1.ppc64le", relates_to_product_reference: "SUSE Package Hub 15 SP1", }, { category: "default_component_of", full_product_name: { name: "icinga2-2.12.5-bp153.2.5.1.x86_64 as component of SUSE Package Hub 15 SP1", product_id: "SUSE Package Hub 15 SP1:icinga2-2.12.5-bp153.2.5.1.x86_64", }, product_reference: "icinga2-2.12.5-bp153.2.5.1.x86_64", relates_to_product_reference: "SUSE Package Hub 15 SP1", }, { category: "default_component_of", full_product_name: { name: "icinga2-bin-2.12.5-bp153.2.5.1.aarch64 as component of SUSE Package Hub 15 SP1", product_id: "SUSE Package Hub 15 SP1:icinga2-bin-2.12.5-bp153.2.5.1.aarch64", }, product_reference: "icinga2-bin-2.12.5-bp153.2.5.1.aarch64", relates_to_product_reference: "SUSE Package Hub 15 SP1", }, { category: "default_component_of", full_product_name: { name: "icinga2-bin-2.12.5-bp153.2.5.1.ppc64le as component of SUSE Package Hub 15 SP1", product_id: "SUSE Package Hub 15 SP1:icinga2-bin-2.12.5-bp153.2.5.1.ppc64le", }, product_reference: "icinga2-bin-2.12.5-bp153.2.5.1.ppc64le", relates_to_product_reference: "SUSE Package Hub 15 SP1", }, { category: "default_component_of", full_product_name: { name: "icinga2-bin-2.12.5-bp153.2.5.1.x86_64 as component of SUSE Package Hub 15 SP1", product_id: "SUSE Package Hub 15 SP1:icinga2-bin-2.12.5-bp153.2.5.1.x86_64", }, product_reference: "icinga2-bin-2.12.5-bp153.2.5.1.x86_64", relates_to_product_reference: "SUSE Package Hub 15 SP1", }, { category: "default_component_of", full_product_name: { name: "icinga2-common-2.12.5-bp153.2.5.1.aarch64 as component of SUSE Package Hub 15 SP1", product_id: "SUSE Package Hub 15 SP1:icinga2-common-2.12.5-bp153.2.5.1.aarch64", }, product_reference: "icinga2-common-2.12.5-bp153.2.5.1.aarch64", relates_to_product_reference: "SUSE Package Hub 15 SP1", }, { category: "default_component_of", full_product_name: { name: "icinga2-common-2.12.5-bp153.2.5.1.ppc64le as component of SUSE Package Hub 15 SP1", product_id: "SUSE Package Hub 15 SP1:icinga2-common-2.12.5-bp153.2.5.1.ppc64le", }, product_reference: "icinga2-common-2.12.5-bp153.2.5.1.ppc64le", relates_to_product_reference: "SUSE Package Hub 15 SP1", }, { category: "default_component_of", full_product_name: { name: "icinga2-common-2.12.5-bp153.2.5.1.x86_64 as component of SUSE Package Hub 15 SP1", product_id: "SUSE Package Hub 15 SP1:icinga2-common-2.12.5-bp153.2.5.1.x86_64", }, product_reference: "icinga2-common-2.12.5-bp153.2.5.1.x86_64", relates_to_product_reference: "SUSE Package Hub 15 SP1", }, { category: "default_component_of", full_product_name: { name: "icinga2-doc-2.12.5-bp153.2.5.1.aarch64 as component of SUSE Package Hub 15 SP1", product_id: "SUSE Package Hub 15 SP1:icinga2-doc-2.12.5-bp153.2.5.1.aarch64", }, product_reference: "icinga2-doc-2.12.5-bp153.2.5.1.aarch64", relates_to_product_reference: "SUSE Package Hub 15 SP1", }, { category: "default_component_of", full_product_name: { name: "icinga2-doc-2.12.5-bp153.2.5.1.ppc64le as component of SUSE Package Hub 15 SP1", product_id: "SUSE Package Hub 15 SP1:icinga2-doc-2.12.5-bp153.2.5.1.ppc64le", }, product_reference: "icinga2-doc-2.12.5-bp153.2.5.1.ppc64le", relates_to_product_reference: "SUSE Package Hub 15 SP1", }, { category: "default_component_of", full_product_name: { name: "icinga2-doc-2.12.5-bp153.2.5.1.x86_64 as component of SUSE Package Hub 15 SP1", product_id: "SUSE Package Hub 15 SP1:icinga2-doc-2.12.5-bp153.2.5.1.x86_64", }, product_reference: "icinga2-doc-2.12.5-bp153.2.5.1.x86_64", relates_to_product_reference: "SUSE Package Hub 15 SP1", }, { category: "default_component_of", full_product_name: { name: "icinga2-ido-mysql-2.12.5-bp153.2.5.1.aarch64 as component of SUSE Package Hub 15 SP1", product_id: "SUSE Package Hub 15 SP1:icinga2-ido-mysql-2.12.5-bp153.2.5.1.aarch64", }, product_reference: "icinga2-ido-mysql-2.12.5-bp153.2.5.1.aarch64", relates_to_product_reference: "SUSE Package Hub 15 SP1", }, { category: "default_component_of", full_product_name: { name: "icinga2-ido-mysql-2.12.5-bp153.2.5.1.ppc64le as component of SUSE Package Hub 15 SP1", product_id: "SUSE Package Hub 15 SP1:icinga2-ido-mysql-2.12.5-bp153.2.5.1.ppc64le", }, product_reference: "icinga2-ido-mysql-2.12.5-bp153.2.5.1.ppc64le", relates_to_product_reference: "SUSE Package Hub 15 SP1", }, { category: "default_component_of", full_product_name: { name: "icinga2-ido-mysql-2.12.5-bp153.2.5.1.x86_64 as component of SUSE Package Hub 15 SP1", product_id: "SUSE Package Hub 15 SP1:icinga2-ido-mysql-2.12.5-bp153.2.5.1.x86_64", }, product_reference: "icinga2-ido-mysql-2.12.5-bp153.2.5.1.x86_64", relates_to_product_reference: "SUSE Package Hub 15 SP1", }, { category: "default_component_of", full_product_name: { name: "icinga2-ido-pgsql-2.12.5-bp153.2.5.1.aarch64 as component of SUSE Package Hub 15 SP1", product_id: "SUSE Package Hub 15 SP1:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.aarch64", }, product_reference: "icinga2-ido-pgsql-2.12.5-bp153.2.5.1.aarch64", relates_to_product_reference: "SUSE Package Hub 15 SP1", }, { category: "default_component_of", full_product_name: { name: "icinga2-ido-pgsql-2.12.5-bp153.2.5.1.ppc64le as component of SUSE Package Hub 15 SP1", product_id: "SUSE Package Hub 15 SP1:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.ppc64le", }, product_reference: "icinga2-ido-pgsql-2.12.5-bp153.2.5.1.ppc64le", relates_to_product_reference: "SUSE Package Hub 15 SP1", }, { category: "default_component_of", full_product_name: { name: "icinga2-ido-pgsql-2.12.5-bp153.2.5.1.x86_64 as component of SUSE Package Hub 15 SP1", product_id: "SUSE Package Hub 15 SP1:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.x86_64", }, product_reference: "icinga2-ido-pgsql-2.12.5-bp153.2.5.1.x86_64", relates_to_product_reference: "SUSE Package Hub 15 SP1", }, { category: "default_component_of", full_product_name: { name: "nano-icinga2-2.12.5-bp153.2.5.1.aarch64 as component of SUSE Package Hub 15 SP1", product_id: "SUSE Package Hub 15 SP1:nano-icinga2-2.12.5-bp153.2.5.1.aarch64", }, product_reference: "nano-icinga2-2.12.5-bp153.2.5.1.aarch64", relates_to_product_reference: "SUSE Package Hub 15 SP1", }, { category: "default_component_of", full_product_name: { name: "nano-icinga2-2.12.5-bp153.2.5.1.ppc64le as component of SUSE Package Hub 15 SP1", product_id: "SUSE Package Hub 15 SP1:nano-icinga2-2.12.5-bp153.2.5.1.ppc64le", }, product_reference: "nano-icinga2-2.12.5-bp153.2.5.1.ppc64le", relates_to_product_reference: "SUSE Package Hub 15 SP1", }, { category: "default_component_of", full_product_name: { name: "nano-icinga2-2.12.5-bp153.2.5.1.x86_64 as component of SUSE Package Hub 15 SP1", product_id: "SUSE Package Hub 15 SP1:nano-icinga2-2.12.5-bp153.2.5.1.x86_64", }, product_reference: "nano-icinga2-2.12.5-bp153.2.5.1.x86_64", relates_to_product_reference: "SUSE Package Hub 15 SP1", }, { category: "default_component_of", full_product_name: { name: "vim-icinga2-2.12.5-bp153.2.5.1.aarch64 as component of SUSE Package Hub 15 SP1", product_id: "SUSE Package Hub 15 SP1:vim-icinga2-2.12.5-bp153.2.5.1.aarch64", }, product_reference: "vim-icinga2-2.12.5-bp153.2.5.1.aarch64", relates_to_product_reference: "SUSE Package Hub 15 SP1", }, { category: "default_component_of", full_product_name: { name: "vim-icinga2-2.12.5-bp153.2.5.1.ppc64le as component of SUSE Package Hub 15 SP1", product_id: "SUSE Package Hub 15 SP1:vim-icinga2-2.12.5-bp153.2.5.1.ppc64le", }, product_reference: "vim-icinga2-2.12.5-bp153.2.5.1.ppc64le", relates_to_product_reference: "SUSE Package Hub 15 SP1", }, { category: "default_component_of", full_product_name: { name: "vim-icinga2-2.12.5-bp153.2.5.1.x86_64 as component of SUSE Package Hub 15 SP1", product_id: "SUSE Package Hub 15 SP1:vim-icinga2-2.12.5-bp153.2.5.1.x86_64", }, product_reference: "vim-icinga2-2.12.5-bp153.2.5.1.x86_64", relates_to_product_reference: "SUSE Package Hub 15 SP1", }, { category: "default_component_of", full_product_name: { name: "icinga2-2.12.5-bp153.2.5.1.aarch64 as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:icinga2-2.12.5-bp153.2.5.1.aarch64", }, product_reference: "icinga2-2.12.5-bp153.2.5.1.aarch64", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "icinga2-2.12.5-bp153.2.5.1.ppc64le as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:icinga2-2.12.5-bp153.2.5.1.ppc64le", }, product_reference: "icinga2-2.12.5-bp153.2.5.1.ppc64le", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "icinga2-2.12.5-bp153.2.5.1.x86_64 as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:icinga2-2.12.5-bp153.2.5.1.x86_64", }, product_reference: "icinga2-2.12.5-bp153.2.5.1.x86_64", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "icinga2-bin-2.12.5-bp153.2.5.1.aarch64 as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:icinga2-bin-2.12.5-bp153.2.5.1.aarch64", }, product_reference: "icinga2-bin-2.12.5-bp153.2.5.1.aarch64", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "icinga2-bin-2.12.5-bp153.2.5.1.ppc64le as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:icinga2-bin-2.12.5-bp153.2.5.1.ppc64le", }, product_reference: "icinga2-bin-2.12.5-bp153.2.5.1.ppc64le", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "icinga2-bin-2.12.5-bp153.2.5.1.x86_64 as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:icinga2-bin-2.12.5-bp153.2.5.1.x86_64", }, product_reference: "icinga2-bin-2.12.5-bp153.2.5.1.x86_64", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "icinga2-common-2.12.5-bp153.2.5.1.aarch64 as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:icinga2-common-2.12.5-bp153.2.5.1.aarch64", }, product_reference: "icinga2-common-2.12.5-bp153.2.5.1.aarch64", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "icinga2-common-2.12.5-bp153.2.5.1.ppc64le as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:icinga2-common-2.12.5-bp153.2.5.1.ppc64le", }, product_reference: "icinga2-common-2.12.5-bp153.2.5.1.ppc64le", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "icinga2-common-2.12.5-bp153.2.5.1.x86_64 as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:icinga2-common-2.12.5-bp153.2.5.1.x86_64", }, product_reference: "icinga2-common-2.12.5-bp153.2.5.1.x86_64", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "icinga2-doc-2.12.5-bp153.2.5.1.aarch64 as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:icinga2-doc-2.12.5-bp153.2.5.1.aarch64", }, product_reference: "icinga2-doc-2.12.5-bp153.2.5.1.aarch64", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "icinga2-doc-2.12.5-bp153.2.5.1.ppc64le as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:icinga2-doc-2.12.5-bp153.2.5.1.ppc64le", }, product_reference: "icinga2-doc-2.12.5-bp153.2.5.1.ppc64le", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "icinga2-doc-2.12.5-bp153.2.5.1.x86_64 as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:icinga2-doc-2.12.5-bp153.2.5.1.x86_64", }, product_reference: "icinga2-doc-2.12.5-bp153.2.5.1.x86_64", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "icinga2-ido-mysql-2.12.5-bp153.2.5.1.aarch64 as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:icinga2-ido-mysql-2.12.5-bp153.2.5.1.aarch64", }, product_reference: "icinga2-ido-mysql-2.12.5-bp153.2.5.1.aarch64", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "icinga2-ido-mysql-2.12.5-bp153.2.5.1.ppc64le as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:icinga2-ido-mysql-2.12.5-bp153.2.5.1.ppc64le", }, product_reference: "icinga2-ido-mysql-2.12.5-bp153.2.5.1.ppc64le", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "icinga2-ido-mysql-2.12.5-bp153.2.5.1.x86_64 as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:icinga2-ido-mysql-2.12.5-bp153.2.5.1.x86_64", }, product_reference: "icinga2-ido-mysql-2.12.5-bp153.2.5.1.x86_64", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "icinga2-ido-pgsql-2.12.5-bp153.2.5.1.aarch64 as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.aarch64", }, product_reference: "icinga2-ido-pgsql-2.12.5-bp153.2.5.1.aarch64", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "icinga2-ido-pgsql-2.12.5-bp153.2.5.1.ppc64le as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.ppc64le", }, product_reference: "icinga2-ido-pgsql-2.12.5-bp153.2.5.1.ppc64le", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "icinga2-ido-pgsql-2.12.5-bp153.2.5.1.x86_64 as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.x86_64", }, product_reference: "icinga2-ido-pgsql-2.12.5-bp153.2.5.1.x86_64", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "nano-icinga2-2.12.5-bp153.2.5.1.aarch64 as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:nano-icinga2-2.12.5-bp153.2.5.1.aarch64", }, product_reference: "nano-icinga2-2.12.5-bp153.2.5.1.aarch64", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "nano-icinga2-2.12.5-bp153.2.5.1.ppc64le as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:nano-icinga2-2.12.5-bp153.2.5.1.ppc64le", }, product_reference: "nano-icinga2-2.12.5-bp153.2.5.1.ppc64le", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "nano-icinga2-2.12.5-bp153.2.5.1.x86_64 as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:nano-icinga2-2.12.5-bp153.2.5.1.x86_64", }, product_reference: "nano-icinga2-2.12.5-bp153.2.5.1.x86_64", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "vim-icinga2-2.12.5-bp153.2.5.1.aarch64 as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:vim-icinga2-2.12.5-bp153.2.5.1.aarch64", }, product_reference: "vim-icinga2-2.12.5-bp153.2.5.1.aarch64", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "vim-icinga2-2.12.5-bp153.2.5.1.ppc64le as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:vim-icinga2-2.12.5-bp153.2.5.1.ppc64le", }, product_reference: "vim-icinga2-2.12.5-bp153.2.5.1.ppc64le", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "vim-icinga2-2.12.5-bp153.2.5.1.x86_64 as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:vim-icinga2-2.12.5-bp153.2.5.1.x86_64", }, product_reference: "vim-icinga2-2.12.5-bp153.2.5.1.x86_64", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "icinga2-2.12.5-bp153.2.5.1.aarch64 as component of SUSE Package Hub 15 SP3", product_id: "SUSE Package Hub 15 SP3:icinga2-2.12.5-bp153.2.5.1.aarch64", }, product_reference: "icinga2-2.12.5-bp153.2.5.1.aarch64", relates_to_product_reference: "SUSE Package Hub 15 SP3", }, { category: "default_component_of", full_product_name: { name: "icinga2-2.12.5-bp153.2.5.1.ppc64le as component of SUSE Package Hub 15 SP3", product_id: "SUSE Package Hub 15 SP3:icinga2-2.12.5-bp153.2.5.1.ppc64le", }, product_reference: "icinga2-2.12.5-bp153.2.5.1.ppc64le", relates_to_product_reference: "SUSE Package Hub 15 SP3", }, { category: "default_component_of", full_product_name: { name: "icinga2-2.12.5-bp153.2.5.1.x86_64 as component of SUSE Package Hub 15 SP3", product_id: "SUSE Package Hub 15 SP3:icinga2-2.12.5-bp153.2.5.1.x86_64", }, product_reference: "icinga2-2.12.5-bp153.2.5.1.x86_64", relates_to_product_reference: "SUSE Package Hub 15 SP3", }, { category: "default_component_of", full_product_name: { name: "icinga2-bin-2.12.5-bp153.2.5.1.aarch64 as component of SUSE Package Hub 15 SP3", product_id: "SUSE Package Hub 15 SP3:icinga2-bin-2.12.5-bp153.2.5.1.aarch64", }, product_reference: "icinga2-bin-2.12.5-bp153.2.5.1.aarch64", relates_to_product_reference: "SUSE Package Hub 15 SP3", }, { category: "default_component_of", full_product_name: { name: "icinga2-bin-2.12.5-bp153.2.5.1.ppc64le as component of SUSE Package Hub 15 SP3", product_id: "SUSE Package Hub 15 SP3:icinga2-bin-2.12.5-bp153.2.5.1.ppc64le", }, product_reference: "icinga2-bin-2.12.5-bp153.2.5.1.ppc64le", relates_to_product_reference: "SUSE Package Hub 15 SP3", }, { category: "default_component_of", full_product_name: { name: "icinga2-bin-2.12.5-bp153.2.5.1.x86_64 as component of SUSE Package Hub 15 SP3", product_id: "SUSE Package Hub 15 SP3:icinga2-bin-2.12.5-bp153.2.5.1.x86_64", }, product_reference: "icinga2-bin-2.12.5-bp153.2.5.1.x86_64", relates_to_product_reference: "SUSE Package Hub 15 SP3", }, { category: "default_component_of", full_product_name: { name: "icinga2-common-2.12.5-bp153.2.5.1.aarch64 as component of SUSE Package Hub 15 SP3", product_id: "SUSE Package Hub 15 SP3:icinga2-common-2.12.5-bp153.2.5.1.aarch64", }, product_reference: "icinga2-common-2.12.5-bp153.2.5.1.aarch64", relates_to_product_reference: "SUSE Package Hub 15 SP3", }, { category: "default_component_of", full_product_name: { name: "icinga2-common-2.12.5-bp153.2.5.1.ppc64le as component of SUSE Package Hub 15 SP3", product_id: "SUSE Package Hub 15 SP3:icinga2-common-2.12.5-bp153.2.5.1.ppc64le", }, product_reference: "icinga2-common-2.12.5-bp153.2.5.1.ppc64le", relates_to_product_reference: "SUSE Package Hub 15 SP3", }, { category: "default_component_of", full_product_name: { name: "icinga2-common-2.12.5-bp153.2.5.1.x86_64 as component of SUSE Package Hub 15 SP3", product_id: "SUSE Package Hub 15 SP3:icinga2-common-2.12.5-bp153.2.5.1.x86_64", }, product_reference: "icinga2-common-2.12.5-bp153.2.5.1.x86_64", relates_to_product_reference: "SUSE Package Hub 15 SP3", }, { category: "default_component_of", full_product_name: { name: "icinga2-doc-2.12.5-bp153.2.5.1.aarch64 as component of SUSE Package Hub 15 SP3", product_id: "SUSE Package Hub 15 SP3:icinga2-doc-2.12.5-bp153.2.5.1.aarch64", }, product_reference: "icinga2-doc-2.12.5-bp153.2.5.1.aarch64", relates_to_product_reference: "SUSE Package Hub 15 SP3", }, { category: "default_component_of", full_product_name: { name: "icinga2-doc-2.12.5-bp153.2.5.1.ppc64le as component of SUSE Package Hub 15 SP3", product_id: "SUSE Package Hub 15 SP3:icinga2-doc-2.12.5-bp153.2.5.1.ppc64le", }, product_reference: "icinga2-doc-2.12.5-bp153.2.5.1.ppc64le", relates_to_product_reference: "SUSE Package Hub 15 SP3", }, { category: "default_component_of", full_product_name: { name: "icinga2-doc-2.12.5-bp153.2.5.1.x86_64 as component of SUSE Package Hub 15 SP3", product_id: "SUSE Package Hub 15 SP3:icinga2-doc-2.12.5-bp153.2.5.1.x86_64", }, product_reference: "icinga2-doc-2.12.5-bp153.2.5.1.x86_64", relates_to_product_reference: "SUSE Package Hub 15 SP3", }, { category: "default_component_of", full_product_name: { name: "icinga2-ido-mysql-2.12.5-bp153.2.5.1.aarch64 as component of SUSE Package Hub 15 SP3", product_id: "SUSE Package Hub 15 SP3:icinga2-ido-mysql-2.12.5-bp153.2.5.1.aarch64", }, product_reference: "icinga2-ido-mysql-2.12.5-bp153.2.5.1.aarch64", relates_to_product_reference: "SUSE Package Hub 15 SP3", }, { category: "default_component_of", full_product_name: { name: "icinga2-ido-mysql-2.12.5-bp153.2.5.1.ppc64le as component of SUSE Package Hub 15 SP3", product_id: "SUSE Package Hub 15 SP3:icinga2-ido-mysql-2.12.5-bp153.2.5.1.ppc64le", }, product_reference: "icinga2-ido-mysql-2.12.5-bp153.2.5.1.ppc64le", relates_to_product_reference: "SUSE Package Hub 15 SP3", }, { category: "default_component_of", full_product_name: { name: "icinga2-ido-mysql-2.12.5-bp153.2.5.1.x86_64 as component of SUSE Package Hub 15 SP3", product_id: "SUSE Package Hub 15 SP3:icinga2-ido-mysql-2.12.5-bp153.2.5.1.x86_64", }, product_reference: "icinga2-ido-mysql-2.12.5-bp153.2.5.1.x86_64", relates_to_product_reference: "SUSE Package Hub 15 SP3", }, { category: "default_component_of", full_product_name: { name: "icinga2-ido-pgsql-2.12.5-bp153.2.5.1.aarch64 as component of SUSE Package Hub 15 SP3", product_id: "SUSE Package Hub 15 SP3:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.aarch64", }, product_reference: "icinga2-ido-pgsql-2.12.5-bp153.2.5.1.aarch64", relates_to_product_reference: "SUSE Package Hub 15 SP3", }, { category: "default_component_of", full_product_name: { name: "icinga2-ido-pgsql-2.12.5-bp153.2.5.1.ppc64le as component of SUSE Package Hub 15 SP3", product_id: "SUSE Package Hub 15 SP3:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.ppc64le", }, product_reference: "icinga2-ido-pgsql-2.12.5-bp153.2.5.1.ppc64le", relates_to_product_reference: "SUSE Package Hub 15 SP3", }, { category: "default_component_of", full_product_name: { name: "icinga2-ido-pgsql-2.12.5-bp153.2.5.1.x86_64 as component of SUSE Package Hub 15 SP3", product_id: "SUSE Package Hub 15 SP3:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.x86_64", }, product_reference: "icinga2-ido-pgsql-2.12.5-bp153.2.5.1.x86_64", relates_to_product_reference: "SUSE Package Hub 15 SP3", }, { category: "default_component_of", full_product_name: { name: "nano-icinga2-2.12.5-bp153.2.5.1.aarch64 as component of SUSE Package Hub 15 SP3", product_id: "SUSE Package Hub 15 SP3:nano-icinga2-2.12.5-bp153.2.5.1.aarch64", }, product_reference: "nano-icinga2-2.12.5-bp153.2.5.1.aarch64", relates_to_product_reference: "SUSE Package Hub 15 SP3", }, { category: "default_component_of", full_product_name: { name: "nano-icinga2-2.12.5-bp153.2.5.1.ppc64le as component of SUSE Package Hub 15 SP3", product_id: "SUSE Package Hub 15 SP3:nano-icinga2-2.12.5-bp153.2.5.1.ppc64le", }, product_reference: "nano-icinga2-2.12.5-bp153.2.5.1.ppc64le", relates_to_product_reference: "SUSE Package Hub 15 SP3", }, { category: "default_component_of", full_product_name: { name: "nano-icinga2-2.12.5-bp153.2.5.1.x86_64 as component of SUSE Package Hub 15 SP3", product_id: "SUSE Package Hub 15 SP3:nano-icinga2-2.12.5-bp153.2.5.1.x86_64", }, product_reference: "nano-icinga2-2.12.5-bp153.2.5.1.x86_64", relates_to_product_reference: "SUSE Package Hub 15 SP3", }, { category: "default_component_of", full_product_name: { name: "vim-icinga2-2.12.5-bp153.2.5.1.aarch64 as component of SUSE Package Hub 15 SP3", product_id: "SUSE Package Hub 15 SP3:vim-icinga2-2.12.5-bp153.2.5.1.aarch64", }, product_reference: "vim-icinga2-2.12.5-bp153.2.5.1.aarch64", relates_to_product_reference: "SUSE Package Hub 15 SP3", }, { category: "default_component_of", full_product_name: { name: "vim-icinga2-2.12.5-bp153.2.5.1.ppc64le as component of SUSE Package Hub 15 SP3", product_id: "SUSE Package Hub 15 SP3:vim-icinga2-2.12.5-bp153.2.5.1.ppc64le", }, product_reference: "vim-icinga2-2.12.5-bp153.2.5.1.ppc64le", relates_to_product_reference: "SUSE Package Hub 15 SP3", }, { category: "default_component_of", full_product_name: { name: "vim-icinga2-2.12.5-bp153.2.5.1.x86_64 as component of SUSE Package Hub 15 SP3", product_id: "SUSE Package Hub 15 SP3:vim-icinga2-2.12.5-bp153.2.5.1.x86_64", }, product_reference: "vim-icinga2-2.12.5-bp153.2.5.1.x86_64", relates_to_product_reference: "SUSE Package Hub 15 SP3", }, { category: "default_component_of", full_product_name: { name: "icinga2-2.12.5-bp153.2.5.1.aarch64 as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:icinga2-2.12.5-bp153.2.5.1.aarch64", }, product_reference: "icinga2-2.12.5-bp153.2.5.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "icinga2-2.12.5-bp153.2.5.1.ppc64le as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:icinga2-2.12.5-bp153.2.5.1.ppc64le", }, product_reference: "icinga2-2.12.5-bp153.2.5.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "icinga2-2.12.5-bp153.2.5.1.x86_64 as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:icinga2-2.12.5-bp153.2.5.1.x86_64", }, product_reference: "icinga2-2.12.5-bp153.2.5.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "icinga2-bin-2.12.5-bp153.2.5.1.aarch64 as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:icinga2-bin-2.12.5-bp153.2.5.1.aarch64", }, product_reference: "icinga2-bin-2.12.5-bp153.2.5.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "icinga2-bin-2.12.5-bp153.2.5.1.ppc64le as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:icinga2-bin-2.12.5-bp153.2.5.1.ppc64le", }, product_reference: "icinga2-bin-2.12.5-bp153.2.5.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "icinga2-bin-2.12.5-bp153.2.5.1.x86_64 as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:icinga2-bin-2.12.5-bp153.2.5.1.x86_64", }, product_reference: "icinga2-bin-2.12.5-bp153.2.5.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "icinga2-common-2.12.5-bp153.2.5.1.aarch64 as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:icinga2-common-2.12.5-bp153.2.5.1.aarch64", }, product_reference: "icinga2-common-2.12.5-bp153.2.5.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "icinga2-common-2.12.5-bp153.2.5.1.ppc64le as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:icinga2-common-2.12.5-bp153.2.5.1.ppc64le", }, product_reference: "icinga2-common-2.12.5-bp153.2.5.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "icinga2-common-2.12.5-bp153.2.5.1.x86_64 as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:icinga2-common-2.12.5-bp153.2.5.1.x86_64", }, product_reference: "icinga2-common-2.12.5-bp153.2.5.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "icinga2-doc-2.12.5-bp153.2.5.1.aarch64 as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:icinga2-doc-2.12.5-bp153.2.5.1.aarch64", }, product_reference: "icinga2-doc-2.12.5-bp153.2.5.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "icinga2-doc-2.12.5-bp153.2.5.1.ppc64le as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:icinga2-doc-2.12.5-bp153.2.5.1.ppc64le", }, product_reference: "icinga2-doc-2.12.5-bp153.2.5.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "icinga2-doc-2.12.5-bp153.2.5.1.x86_64 as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:icinga2-doc-2.12.5-bp153.2.5.1.x86_64", }, product_reference: "icinga2-doc-2.12.5-bp153.2.5.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "icinga2-ido-mysql-2.12.5-bp153.2.5.1.aarch64 as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:icinga2-ido-mysql-2.12.5-bp153.2.5.1.aarch64", }, product_reference: "icinga2-ido-mysql-2.12.5-bp153.2.5.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "icinga2-ido-mysql-2.12.5-bp153.2.5.1.ppc64le as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:icinga2-ido-mysql-2.12.5-bp153.2.5.1.ppc64le", }, product_reference: "icinga2-ido-mysql-2.12.5-bp153.2.5.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "icinga2-ido-mysql-2.12.5-bp153.2.5.1.x86_64 as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:icinga2-ido-mysql-2.12.5-bp153.2.5.1.x86_64", }, product_reference: "icinga2-ido-mysql-2.12.5-bp153.2.5.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "icinga2-ido-pgsql-2.12.5-bp153.2.5.1.aarch64 as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.aarch64", }, product_reference: "icinga2-ido-pgsql-2.12.5-bp153.2.5.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "icinga2-ido-pgsql-2.12.5-bp153.2.5.1.ppc64le as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.ppc64le", }, product_reference: "icinga2-ido-pgsql-2.12.5-bp153.2.5.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "icinga2-ido-pgsql-2.12.5-bp153.2.5.1.x86_64 as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.x86_64", }, product_reference: "icinga2-ido-pgsql-2.12.5-bp153.2.5.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "nano-icinga2-2.12.5-bp153.2.5.1.aarch64 as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:nano-icinga2-2.12.5-bp153.2.5.1.aarch64", }, product_reference: "nano-icinga2-2.12.5-bp153.2.5.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "nano-icinga2-2.12.5-bp153.2.5.1.ppc64le as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:nano-icinga2-2.12.5-bp153.2.5.1.ppc64le", }, product_reference: "nano-icinga2-2.12.5-bp153.2.5.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "nano-icinga2-2.12.5-bp153.2.5.1.x86_64 as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:nano-icinga2-2.12.5-bp153.2.5.1.x86_64", }, product_reference: "nano-icinga2-2.12.5-bp153.2.5.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "vim-icinga2-2.12.5-bp153.2.5.1.aarch64 as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:vim-icinga2-2.12.5-bp153.2.5.1.aarch64", }, product_reference: "vim-icinga2-2.12.5-bp153.2.5.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "vim-icinga2-2.12.5-bp153.2.5.1.ppc64le as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:vim-icinga2-2.12.5-bp153.2.5.1.ppc64le", }, product_reference: "vim-icinga2-2.12.5-bp153.2.5.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "vim-icinga2-2.12.5-bp153.2.5.1.x86_64 as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:vim-icinga2-2.12.5-bp153.2.5.1.x86_64", }, product_reference: "vim-icinga2-2.12.5-bp153.2.5.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "icinga2-2.12.5-bp153.2.5.1.aarch64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:icinga2-2.12.5-bp153.2.5.1.aarch64", }, product_reference: "icinga2-2.12.5-bp153.2.5.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "icinga2-2.12.5-bp153.2.5.1.ppc64le as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:icinga2-2.12.5-bp153.2.5.1.ppc64le", }, product_reference: "icinga2-2.12.5-bp153.2.5.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "icinga2-2.12.5-bp153.2.5.1.x86_64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:icinga2-2.12.5-bp153.2.5.1.x86_64", }, product_reference: "icinga2-2.12.5-bp153.2.5.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "icinga2-bin-2.12.5-bp153.2.5.1.aarch64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:icinga2-bin-2.12.5-bp153.2.5.1.aarch64", }, product_reference: "icinga2-bin-2.12.5-bp153.2.5.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "icinga2-bin-2.12.5-bp153.2.5.1.ppc64le as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:icinga2-bin-2.12.5-bp153.2.5.1.ppc64le", }, product_reference: "icinga2-bin-2.12.5-bp153.2.5.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "icinga2-bin-2.12.5-bp153.2.5.1.x86_64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:icinga2-bin-2.12.5-bp153.2.5.1.x86_64", }, product_reference: "icinga2-bin-2.12.5-bp153.2.5.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "icinga2-common-2.12.5-bp153.2.5.1.aarch64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:icinga2-common-2.12.5-bp153.2.5.1.aarch64", }, product_reference: "icinga2-common-2.12.5-bp153.2.5.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "icinga2-common-2.12.5-bp153.2.5.1.ppc64le as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:icinga2-common-2.12.5-bp153.2.5.1.ppc64le", }, product_reference: "icinga2-common-2.12.5-bp153.2.5.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "icinga2-common-2.12.5-bp153.2.5.1.x86_64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:icinga2-common-2.12.5-bp153.2.5.1.x86_64", }, product_reference: "icinga2-common-2.12.5-bp153.2.5.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "icinga2-doc-2.12.5-bp153.2.5.1.aarch64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:icinga2-doc-2.12.5-bp153.2.5.1.aarch64", }, product_reference: "icinga2-doc-2.12.5-bp153.2.5.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "icinga2-doc-2.12.5-bp153.2.5.1.ppc64le as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:icinga2-doc-2.12.5-bp153.2.5.1.ppc64le", }, product_reference: "icinga2-doc-2.12.5-bp153.2.5.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "icinga2-doc-2.12.5-bp153.2.5.1.x86_64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:icinga2-doc-2.12.5-bp153.2.5.1.x86_64", }, product_reference: "icinga2-doc-2.12.5-bp153.2.5.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "icinga2-ido-mysql-2.12.5-bp153.2.5.1.aarch64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:icinga2-ido-mysql-2.12.5-bp153.2.5.1.aarch64", }, product_reference: "icinga2-ido-mysql-2.12.5-bp153.2.5.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "icinga2-ido-mysql-2.12.5-bp153.2.5.1.ppc64le as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:icinga2-ido-mysql-2.12.5-bp153.2.5.1.ppc64le", }, product_reference: "icinga2-ido-mysql-2.12.5-bp153.2.5.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "icinga2-ido-mysql-2.12.5-bp153.2.5.1.x86_64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:icinga2-ido-mysql-2.12.5-bp153.2.5.1.x86_64", }, product_reference: "icinga2-ido-mysql-2.12.5-bp153.2.5.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "icinga2-ido-pgsql-2.12.5-bp153.2.5.1.aarch64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.aarch64", }, product_reference: "icinga2-ido-pgsql-2.12.5-bp153.2.5.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "icinga2-ido-pgsql-2.12.5-bp153.2.5.1.ppc64le as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.ppc64le", }, product_reference: "icinga2-ido-pgsql-2.12.5-bp153.2.5.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "icinga2-ido-pgsql-2.12.5-bp153.2.5.1.x86_64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.x86_64", }, product_reference: "icinga2-ido-pgsql-2.12.5-bp153.2.5.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "nano-icinga2-2.12.5-bp153.2.5.1.aarch64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:nano-icinga2-2.12.5-bp153.2.5.1.aarch64", }, product_reference: "nano-icinga2-2.12.5-bp153.2.5.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "nano-icinga2-2.12.5-bp153.2.5.1.ppc64le as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:nano-icinga2-2.12.5-bp153.2.5.1.ppc64le", }, product_reference: "nano-icinga2-2.12.5-bp153.2.5.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "nano-icinga2-2.12.5-bp153.2.5.1.x86_64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:nano-icinga2-2.12.5-bp153.2.5.1.x86_64", }, product_reference: "nano-icinga2-2.12.5-bp153.2.5.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "vim-icinga2-2.12.5-bp153.2.5.1.aarch64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:vim-icinga2-2.12.5-bp153.2.5.1.aarch64", }, product_reference: "vim-icinga2-2.12.5-bp153.2.5.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "vim-icinga2-2.12.5-bp153.2.5.1.ppc64le as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:vim-icinga2-2.12.5-bp153.2.5.1.ppc64le", }, product_reference: "vim-icinga2-2.12.5-bp153.2.5.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "vim-icinga2-2.12.5-bp153.2.5.1.x86_64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:vim-icinga2-2.12.5-bp153.2.5.1.x86_64", }, product_reference: "vim-icinga2-2.12.5-bp153.2.5.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.3", }, ], }, vulnerabilities: [ { cve: "CVE-2020-29663", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-29663", }, ], notes: [ { category: "general", text: "Icinga 2 v2.8.0 through v2.11.7 and v2.12.2 has an issue where revoked certificates due for renewal will automatically be renewed, ignoring the CRL. This issue is fixed in Icinga 2 v2.11.8 and v2.12.3.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP1:icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP1:icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP1:icinga2-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP1:icinga2-bin-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP1:icinga2-bin-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP1:icinga2-bin-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP1:icinga2-common-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP1:icinga2-common-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP1:icinga2-common-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP1:icinga2-doc-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP1:icinga2-doc-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP1:icinga2-doc-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP1:icinga2-ido-mysql-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP1:icinga2-ido-mysql-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP1:icinga2-ido-mysql-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP1:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP1:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP1:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP1:nano-icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP1:nano-icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP1:nano-icinga2-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP1:vim-icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP1:vim-icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP1:vim-icinga2-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP2:icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP2:icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP2:icinga2-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP2:icinga2-bin-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP2:icinga2-bin-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP2:icinga2-bin-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP2:icinga2-common-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP2:icinga2-common-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP2:icinga2-common-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP2:icinga2-doc-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP2:icinga2-doc-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP2:icinga2-doc-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP2:icinga2-ido-mysql-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP2:icinga2-ido-mysql-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP2:icinga2-ido-mysql-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP2:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP2:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP2:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP2:nano-icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP2:nano-icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP2:nano-icinga2-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP2:vim-icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP2:vim-icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP2:vim-icinga2-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP3:icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP3:icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP3:icinga2-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP3:icinga2-bin-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP3:icinga2-bin-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP3:icinga2-bin-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP3:icinga2-common-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP3:icinga2-common-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP3:icinga2-common-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP3:icinga2-doc-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP3:icinga2-doc-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP3:icinga2-doc-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP3:icinga2-ido-mysql-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP3:icinga2-ido-mysql-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP3:icinga2-ido-mysql-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP3:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP3:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP3:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP3:nano-icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP3:nano-icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP3:nano-icinga2-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP3:vim-icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP3:vim-icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP3:vim-icinga2-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.2:icinga2-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.2:icinga2-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.2:icinga2-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.2:icinga2-bin-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.2:icinga2-bin-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.2:icinga2-bin-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.2:icinga2-common-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.2:icinga2-common-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.2:icinga2-common-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.2:icinga2-doc-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.2:icinga2-doc-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.2:icinga2-doc-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.2:icinga2-ido-mysql-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.2:icinga2-ido-mysql-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.2:icinga2-ido-mysql-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.2:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.2:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.2:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.2:nano-icinga2-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.2:nano-icinga2-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.2:nano-icinga2-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.2:vim-icinga2-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.2:vim-icinga2-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.2:vim-icinga2-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.3:icinga2-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.3:icinga2-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.3:icinga2-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.3:icinga2-bin-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.3:icinga2-bin-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.3:icinga2-bin-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.3:icinga2-common-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.3:icinga2-common-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.3:icinga2-common-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.3:icinga2-doc-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.3:icinga2-doc-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.3:icinga2-doc-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.3:icinga2-ido-mysql-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.3:icinga2-ido-mysql-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.3:icinga2-ido-mysql-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.3:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.3:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.3:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.3:nano-icinga2-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.3:nano-icinga2-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.3:nano-icinga2-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.3:vim-icinga2-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.3:vim-icinga2-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.3:vim-icinga2-2.12.5-bp153.2.5.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-29663", url: "https://www.suse.com/security/cve/CVE-2020-29663", }, { category: "external", summary: "SUSE Bug 1180147 for CVE-2020-29663", url: "https://bugzilla.suse.com/1180147", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP1:icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP1:icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP1:icinga2-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP1:icinga2-bin-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP1:icinga2-bin-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP1:icinga2-bin-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP1:icinga2-common-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP1:icinga2-common-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP1:icinga2-common-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP1:icinga2-doc-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP1:icinga2-doc-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP1:icinga2-doc-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP1:icinga2-ido-mysql-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP1:icinga2-ido-mysql-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP1:icinga2-ido-mysql-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP1:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP1:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP1:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP1:nano-icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP1:nano-icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP1:nano-icinga2-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP1:vim-icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP1:vim-icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP1:vim-icinga2-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP2:icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP2:icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP2:icinga2-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP2:icinga2-bin-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP2:icinga2-bin-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP2:icinga2-bin-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP2:icinga2-common-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP2:icinga2-common-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP2:icinga2-common-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP2:icinga2-doc-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP2:icinga2-doc-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP2:icinga2-doc-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP2:icinga2-ido-mysql-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP2:icinga2-ido-mysql-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP2:icinga2-ido-mysql-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP2:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP2:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP2:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP2:nano-icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP2:nano-icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP2:nano-icinga2-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP2:vim-icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP2:vim-icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP2:vim-icinga2-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP3:icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP3:icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP3:icinga2-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP3:icinga2-bin-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP3:icinga2-bin-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP3:icinga2-bin-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP3:icinga2-common-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP3:icinga2-common-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP3:icinga2-common-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP3:icinga2-doc-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP3:icinga2-doc-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP3:icinga2-doc-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP3:icinga2-ido-mysql-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP3:icinga2-ido-mysql-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP3:icinga2-ido-mysql-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP3:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP3:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP3:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP3:nano-icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP3:nano-icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP3:nano-icinga2-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP3:vim-icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP3:vim-icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP3:vim-icinga2-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.2:icinga2-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.2:icinga2-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.2:icinga2-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.2:icinga2-bin-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.2:icinga2-bin-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.2:icinga2-bin-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.2:icinga2-common-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.2:icinga2-common-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.2:icinga2-common-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.2:icinga2-doc-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.2:icinga2-doc-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.2:icinga2-doc-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.2:icinga2-ido-mysql-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.2:icinga2-ido-mysql-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.2:icinga2-ido-mysql-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.2:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.2:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.2:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.2:nano-icinga2-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.2:nano-icinga2-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.2:nano-icinga2-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.2:vim-icinga2-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.2:vim-icinga2-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.2:vim-icinga2-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.3:icinga2-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.3:icinga2-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.3:icinga2-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.3:icinga2-bin-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.3:icinga2-bin-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.3:icinga2-bin-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.3:icinga2-common-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.3:icinga2-common-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.3:icinga2-common-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.3:icinga2-doc-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.3:icinga2-doc-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.3:icinga2-doc-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.3:icinga2-ido-mysql-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.3:icinga2-ido-mysql-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.3:icinga2-ido-mysql-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.3:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.3:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.3:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.3:nano-icinga2-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.3:nano-icinga2-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.3:nano-icinga2-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.3:vim-icinga2-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.3:vim-icinga2-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.3:vim-icinga2-2.12.5-bp153.2.5.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP1:icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP1:icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP1:icinga2-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP1:icinga2-bin-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP1:icinga2-bin-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP1:icinga2-bin-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP1:icinga2-common-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP1:icinga2-common-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP1:icinga2-common-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP1:icinga2-doc-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP1:icinga2-doc-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP1:icinga2-doc-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP1:icinga2-ido-mysql-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP1:icinga2-ido-mysql-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP1:icinga2-ido-mysql-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP1:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP1:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP1:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP1:nano-icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP1:nano-icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP1:nano-icinga2-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP1:vim-icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP1:vim-icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP1:vim-icinga2-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP2:icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP2:icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP2:icinga2-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP2:icinga2-bin-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP2:icinga2-bin-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP2:icinga2-bin-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP2:icinga2-common-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP2:icinga2-common-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP2:icinga2-common-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP2:icinga2-doc-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP2:icinga2-doc-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP2:icinga2-doc-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP2:icinga2-ido-mysql-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP2:icinga2-ido-mysql-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP2:icinga2-ido-mysql-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP2:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP2:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP2:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP2:nano-icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP2:nano-icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP2:nano-icinga2-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP2:vim-icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP2:vim-icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP2:vim-icinga2-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP3:icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP3:icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP3:icinga2-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP3:icinga2-bin-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP3:icinga2-bin-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP3:icinga2-bin-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP3:icinga2-common-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP3:icinga2-common-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP3:icinga2-common-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP3:icinga2-doc-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP3:icinga2-doc-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP3:icinga2-doc-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP3:icinga2-ido-mysql-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP3:icinga2-ido-mysql-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP3:icinga2-ido-mysql-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP3:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP3:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP3:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP3:nano-icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP3:nano-icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP3:nano-icinga2-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP3:vim-icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP3:vim-icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP3:vim-icinga2-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.2:icinga2-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.2:icinga2-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.2:icinga2-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.2:icinga2-bin-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.2:icinga2-bin-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.2:icinga2-bin-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.2:icinga2-common-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.2:icinga2-common-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.2:icinga2-common-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.2:icinga2-doc-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.2:icinga2-doc-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.2:icinga2-doc-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.2:icinga2-ido-mysql-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.2:icinga2-ido-mysql-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.2:icinga2-ido-mysql-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.2:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.2:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.2:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.2:nano-icinga2-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.2:nano-icinga2-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.2:nano-icinga2-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.2:vim-icinga2-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.2:vim-icinga2-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.2:vim-icinga2-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.3:icinga2-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.3:icinga2-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.3:icinga2-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.3:icinga2-bin-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.3:icinga2-bin-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.3:icinga2-bin-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.3:icinga2-common-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.3:icinga2-common-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.3:icinga2-common-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.3:icinga2-doc-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.3:icinga2-doc-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.3:icinga2-doc-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.3:icinga2-ido-mysql-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.3:icinga2-ido-mysql-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.3:icinga2-ido-mysql-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.3:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.3:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.3:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.3:nano-icinga2-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.3:nano-icinga2-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.3:nano-icinga2-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.3:vim-icinga2-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.3:vim-icinga2-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.3:vim-icinga2-2.12.5-bp153.2.5.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-07-24T18:06:03Z", details: "moderate", }, ], title: "CVE-2020-29663", }, { cve: "CVE-2021-32739", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-32739", }, ], notes: [ { category: "general", text: "Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. From version 2.4.0 through version 2.12.4, a vulnerability exists that may allow privilege escalation for authenticated API users. With a read-ony user's credentials, an attacker can view most attributes of all config objects including `ticket_salt` of `ApiListener`. This salt is enough to compute a ticket for every possible common name (CN). A ticket, the master node's certificate, and a self-signed certificate are enough to successfully request the desired certificate from Icinga. That certificate may in turn be used to steal an endpoint or API user's identity. Versions 2.12.5 and 2.11.10 both contain a fix the vulnerability. As a workaround, one may either specify queryable types explicitly or filter out ApiListener objects.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP1:icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP1:icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP1:icinga2-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP1:icinga2-bin-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP1:icinga2-bin-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP1:icinga2-bin-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP1:icinga2-common-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP1:icinga2-common-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP1:icinga2-common-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP1:icinga2-doc-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP1:icinga2-doc-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP1:icinga2-doc-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP1:icinga2-ido-mysql-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP1:icinga2-ido-mysql-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP1:icinga2-ido-mysql-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP1:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP1:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP1:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP1:nano-icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP1:nano-icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP1:nano-icinga2-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP1:vim-icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP1:vim-icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP1:vim-icinga2-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP2:icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP2:icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP2:icinga2-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP2:icinga2-bin-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP2:icinga2-bin-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP2:icinga2-bin-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP2:icinga2-common-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP2:icinga2-common-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP2:icinga2-common-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP2:icinga2-doc-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP2:icinga2-doc-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP2:icinga2-doc-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP2:icinga2-ido-mysql-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP2:icinga2-ido-mysql-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP2:icinga2-ido-mysql-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP2:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP2:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP2:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP2:nano-icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP2:nano-icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP2:nano-icinga2-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP2:vim-icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP2:vim-icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP2:vim-icinga2-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP3:icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP3:icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP3:icinga2-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP3:icinga2-bin-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP3:icinga2-bin-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP3:icinga2-bin-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP3:icinga2-common-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP3:icinga2-common-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP3:icinga2-common-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP3:icinga2-doc-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP3:icinga2-doc-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP3:icinga2-doc-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP3:icinga2-ido-mysql-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP3:icinga2-ido-mysql-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP3:icinga2-ido-mysql-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP3:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP3:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP3:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP3:nano-icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP3:nano-icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP3:nano-icinga2-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP3:vim-icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP3:vim-icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP3:vim-icinga2-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.2:icinga2-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.2:icinga2-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.2:icinga2-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.2:icinga2-bin-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.2:icinga2-bin-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.2:icinga2-bin-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.2:icinga2-common-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.2:icinga2-common-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.2:icinga2-common-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.2:icinga2-doc-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.2:icinga2-doc-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.2:icinga2-doc-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.2:icinga2-ido-mysql-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.2:icinga2-ido-mysql-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.2:icinga2-ido-mysql-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.2:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.2:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.2:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.2:nano-icinga2-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.2:nano-icinga2-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.2:nano-icinga2-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.2:vim-icinga2-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.2:vim-icinga2-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.2:vim-icinga2-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.3:icinga2-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.3:icinga2-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.3:icinga2-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.3:icinga2-bin-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.3:icinga2-bin-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.3:icinga2-bin-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.3:icinga2-common-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.3:icinga2-common-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.3:icinga2-common-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.3:icinga2-doc-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.3:icinga2-doc-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.3:icinga2-doc-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.3:icinga2-ido-mysql-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.3:icinga2-ido-mysql-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.3:icinga2-ido-mysql-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.3:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.3:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.3:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.3:nano-icinga2-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.3:nano-icinga2-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.3:nano-icinga2-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.3:vim-icinga2-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.3:vim-icinga2-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.3:vim-icinga2-2.12.5-bp153.2.5.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-32739", url: "https://www.suse.com/security/cve/CVE-2021-32739", }, { category: "external", summary: "SUSE Bug 1188372 for CVE-2021-32739", url: "https://bugzilla.suse.com/1188372", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP1:icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP1:icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP1:icinga2-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP1:icinga2-bin-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP1:icinga2-bin-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP1:icinga2-bin-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP1:icinga2-common-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP1:icinga2-common-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP1:icinga2-common-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP1:icinga2-doc-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP1:icinga2-doc-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP1:icinga2-doc-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP1:icinga2-ido-mysql-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP1:icinga2-ido-mysql-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP1:icinga2-ido-mysql-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP1:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP1:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP1:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP1:nano-icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP1:nano-icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP1:nano-icinga2-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP1:vim-icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP1:vim-icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP1:vim-icinga2-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP2:icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP2:icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP2:icinga2-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP2:icinga2-bin-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP2:icinga2-bin-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP2:icinga2-bin-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP2:icinga2-common-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP2:icinga2-common-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP2:icinga2-common-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP2:icinga2-doc-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP2:icinga2-doc-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP2:icinga2-doc-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP2:icinga2-ido-mysql-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP2:icinga2-ido-mysql-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP2:icinga2-ido-mysql-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP2:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP2:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP2:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP2:nano-icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP2:nano-icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP2:nano-icinga2-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP2:vim-icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP2:vim-icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP2:vim-icinga2-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP3:icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP3:icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP3:icinga2-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP3:icinga2-bin-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP3:icinga2-bin-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP3:icinga2-bin-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP3:icinga2-common-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP3:icinga2-common-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP3:icinga2-common-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP3:icinga2-doc-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP3:icinga2-doc-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP3:icinga2-doc-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP3:icinga2-ido-mysql-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP3:icinga2-ido-mysql-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP3:icinga2-ido-mysql-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP3:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP3:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP3:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP3:nano-icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP3:nano-icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP3:nano-icinga2-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP3:vim-icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP3:vim-icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP3:vim-icinga2-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.2:icinga2-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.2:icinga2-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.2:icinga2-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.2:icinga2-bin-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.2:icinga2-bin-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.2:icinga2-bin-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.2:icinga2-common-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.2:icinga2-common-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.2:icinga2-common-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.2:icinga2-doc-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.2:icinga2-doc-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.2:icinga2-doc-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.2:icinga2-ido-mysql-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.2:icinga2-ido-mysql-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.2:icinga2-ido-mysql-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.2:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.2:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.2:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.2:nano-icinga2-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.2:nano-icinga2-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.2:nano-icinga2-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.2:vim-icinga2-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.2:vim-icinga2-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.2:vim-icinga2-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.3:icinga2-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.3:icinga2-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.3:icinga2-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.3:icinga2-bin-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.3:icinga2-bin-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.3:icinga2-bin-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.3:icinga2-common-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.3:icinga2-common-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.3:icinga2-common-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.3:icinga2-doc-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.3:icinga2-doc-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.3:icinga2-doc-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.3:icinga2-ido-mysql-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.3:icinga2-ido-mysql-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.3:icinga2-ido-mysql-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.3:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.3:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.3:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.3:nano-icinga2-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.3:nano-icinga2-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.3:nano-icinga2-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.3:vim-icinga2-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.3:vim-icinga2-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.3:vim-icinga2-2.12.5-bp153.2.5.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Package Hub 15 SP1:icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP1:icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP1:icinga2-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP1:icinga2-bin-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP1:icinga2-bin-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP1:icinga2-bin-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP1:icinga2-common-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP1:icinga2-common-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP1:icinga2-common-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP1:icinga2-doc-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP1:icinga2-doc-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP1:icinga2-doc-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP1:icinga2-ido-mysql-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP1:icinga2-ido-mysql-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP1:icinga2-ido-mysql-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP1:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP1:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP1:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP1:nano-icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP1:nano-icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP1:nano-icinga2-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP1:vim-icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP1:vim-icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP1:vim-icinga2-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP2:icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP2:icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP2:icinga2-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP2:icinga2-bin-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP2:icinga2-bin-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP2:icinga2-bin-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP2:icinga2-common-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP2:icinga2-common-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP2:icinga2-common-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP2:icinga2-doc-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP2:icinga2-doc-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP2:icinga2-doc-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP2:icinga2-ido-mysql-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP2:icinga2-ido-mysql-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP2:icinga2-ido-mysql-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP2:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP2:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP2:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP2:nano-icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP2:nano-icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP2:nano-icinga2-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP2:vim-icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP2:vim-icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP2:vim-icinga2-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP3:icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP3:icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP3:icinga2-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP3:icinga2-bin-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP3:icinga2-bin-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP3:icinga2-bin-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP3:icinga2-common-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP3:icinga2-common-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP3:icinga2-common-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP3:icinga2-doc-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP3:icinga2-doc-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP3:icinga2-doc-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP3:icinga2-ido-mysql-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP3:icinga2-ido-mysql-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP3:icinga2-ido-mysql-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP3:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP3:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP3:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP3:nano-icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP3:nano-icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP3:nano-icinga2-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP3:vim-icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP3:vim-icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP3:vim-icinga2-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.2:icinga2-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.2:icinga2-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.2:icinga2-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.2:icinga2-bin-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.2:icinga2-bin-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.2:icinga2-bin-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.2:icinga2-common-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.2:icinga2-common-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.2:icinga2-common-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.2:icinga2-doc-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.2:icinga2-doc-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.2:icinga2-doc-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.2:icinga2-ido-mysql-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.2:icinga2-ido-mysql-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.2:icinga2-ido-mysql-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.2:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.2:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.2:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.2:nano-icinga2-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.2:nano-icinga2-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.2:nano-icinga2-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.2:vim-icinga2-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.2:vim-icinga2-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.2:vim-icinga2-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.3:icinga2-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.3:icinga2-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.3:icinga2-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.3:icinga2-bin-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.3:icinga2-bin-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.3:icinga2-bin-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.3:icinga2-common-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.3:icinga2-common-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.3:icinga2-common-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.3:icinga2-doc-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.3:icinga2-doc-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.3:icinga2-doc-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.3:icinga2-ido-mysql-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.3:icinga2-ido-mysql-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.3:icinga2-ido-mysql-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.3:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.3:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.3:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.3:nano-icinga2-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.3:nano-icinga2-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.3:nano-icinga2-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.3:vim-icinga2-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.3:vim-icinga2-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.3:vim-icinga2-2.12.5-bp153.2.5.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-07-24T18:06:03Z", details: "moderate", }, ], title: "CVE-2021-32739", }, { cve: "CVE-2021-32743", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-32743", }, ], notes: [ { category: "general", text: "Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. In versions prior to 2.11.10 and from version 2.12.0 through version 2.12.4, some of the Icinga 2 features that require credentials for external services expose those credentials through the API to authenticated API users with read permissions for the corresponding object types. IdoMysqlConnection and IdoPgsqlConnection (every released version) exposes the password of the user used to connect to the database. IcingaDB (added in 2.12.0) exposes the password used to connect to the Redis server. ElasticsearchWriter (added in 2.8.0)exposes the password used to connect to the Elasticsearch server. An attacker who obtains these credentials can impersonate Icinga to these services and add, modify and delete information there. If credentials with more permissions are in use, this increases the impact accordingly. Starting with the 2.11.10 and 2.12.5 releases, these passwords are no longer exposed via the API. As a workaround, API user permissions can be restricted to not allow querying of any affected objects, either by explicitly listing only the required object types for object query permissions, or by applying a filter rule.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP1:icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP1:icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP1:icinga2-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP1:icinga2-bin-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP1:icinga2-bin-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP1:icinga2-bin-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP1:icinga2-common-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP1:icinga2-common-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP1:icinga2-common-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP1:icinga2-doc-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP1:icinga2-doc-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP1:icinga2-doc-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP1:icinga2-ido-mysql-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP1:icinga2-ido-mysql-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP1:icinga2-ido-mysql-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP1:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP1:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP1:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP1:nano-icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP1:nano-icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP1:nano-icinga2-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP1:vim-icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP1:vim-icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP1:vim-icinga2-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP2:icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP2:icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP2:icinga2-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP2:icinga2-bin-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP2:icinga2-bin-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP2:icinga2-bin-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP2:icinga2-common-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP2:icinga2-common-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP2:icinga2-common-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP2:icinga2-doc-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP2:icinga2-doc-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP2:icinga2-doc-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP2:icinga2-ido-mysql-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP2:icinga2-ido-mysql-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP2:icinga2-ido-mysql-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP2:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP2:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP2:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP2:nano-icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP2:nano-icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP2:nano-icinga2-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP2:vim-icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP2:vim-icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP2:vim-icinga2-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP3:icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP3:icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP3:icinga2-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP3:icinga2-bin-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP3:icinga2-bin-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP3:icinga2-bin-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP3:icinga2-common-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP3:icinga2-common-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP3:icinga2-common-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP3:icinga2-doc-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP3:icinga2-doc-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP3:icinga2-doc-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP3:icinga2-ido-mysql-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP3:icinga2-ido-mysql-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP3:icinga2-ido-mysql-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP3:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP3:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP3:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP3:nano-icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP3:nano-icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP3:nano-icinga2-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP3:vim-icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP3:vim-icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP3:vim-icinga2-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.2:icinga2-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.2:icinga2-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.2:icinga2-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.2:icinga2-bin-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.2:icinga2-bin-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.2:icinga2-bin-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.2:icinga2-common-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.2:icinga2-common-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.2:icinga2-common-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.2:icinga2-doc-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.2:icinga2-doc-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.2:icinga2-doc-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.2:icinga2-ido-mysql-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.2:icinga2-ido-mysql-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.2:icinga2-ido-mysql-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.2:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.2:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.2:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.2:nano-icinga2-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.2:nano-icinga2-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.2:nano-icinga2-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.2:vim-icinga2-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.2:vim-icinga2-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.2:vim-icinga2-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.3:icinga2-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.3:icinga2-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.3:icinga2-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.3:icinga2-bin-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.3:icinga2-bin-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.3:icinga2-bin-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.3:icinga2-common-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.3:icinga2-common-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.3:icinga2-common-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.3:icinga2-doc-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.3:icinga2-doc-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.3:icinga2-doc-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.3:icinga2-ido-mysql-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.3:icinga2-ido-mysql-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.3:icinga2-ido-mysql-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.3:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.3:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.3:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.3:nano-icinga2-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.3:nano-icinga2-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.3:nano-icinga2-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.3:vim-icinga2-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.3:vim-icinga2-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.3:vim-icinga2-2.12.5-bp153.2.5.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-32743", url: "https://www.suse.com/security/cve/CVE-2021-32743", }, { category: "external", summary: "SUSE Bug 1188370 for CVE-2021-32743", url: "https://bugzilla.suse.com/1188370", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP1:icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP1:icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP1:icinga2-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP1:icinga2-bin-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP1:icinga2-bin-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP1:icinga2-bin-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP1:icinga2-common-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP1:icinga2-common-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP1:icinga2-common-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP1:icinga2-doc-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP1:icinga2-doc-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP1:icinga2-doc-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP1:icinga2-ido-mysql-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP1:icinga2-ido-mysql-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP1:icinga2-ido-mysql-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP1:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP1:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP1:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP1:nano-icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP1:nano-icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP1:nano-icinga2-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP1:vim-icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP1:vim-icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP1:vim-icinga2-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP2:icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP2:icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP2:icinga2-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP2:icinga2-bin-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP2:icinga2-bin-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP2:icinga2-bin-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP2:icinga2-common-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP2:icinga2-common-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP2:icinga2-common-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP2:icinga2-doc-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP2:icinga2-doc-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP2:icinga2-doc-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP2:icinga2-ido-mysql-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP2:icinga2-ido-mysql-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP2:icinga2-ido-mysql-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP2:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP2:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP2:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP2:nano-icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP2:nano-icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP2:nano-icinga2-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP2:vim-icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP2:vim-icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP2:vim-icinga2-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP3:icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP3:icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP3:icinga2-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP3:icinga2-bin-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP3:icinga2-bin-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP3:icinga2-bin-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP3:icinga2-common-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP3:icinga2-common-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP3:icinga2-common-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP3:icinga2-doc-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP3:icinga2-doc-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP3:icinga2-doc-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP3:icinga2-ido-mysql-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP3:icinga2-ido-mysql-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP3:icinga2-ido-mysql-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP3:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP3:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP3:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP3:nano-icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP3:nano-icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP3:nano-icinga2-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP3:vim-icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP3:vim-icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP3:vim-icinga2-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.2:icinga2-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.2:icinga2-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.2:icinga2-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.2:icinga2-bin-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.2:icinga2-bin-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.2:icinga2-bin-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.2:icinga2-common-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.2:icinga2-common-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.2:icinga2-common-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.2:icinga2-doc-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.2:icinga2-doc-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.2:icinga2-doc-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.2:icinga2-ido-mysql-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.2:icinga2-ido-mysql-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.2:icinga2-ido-mysql-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.2:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.2:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.2:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.2:nano-icinga2-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.2:nano-icinga2-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.2:nano-icinga2-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.2:vim-icinga2-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.2:vim-icinga2-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.2:vim-icinga2-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.3:icinga2-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.3:icinga2-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.3:icinga2-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.3:icinga2-bin-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.3:icinga2-bin-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.3:icinga2-bin-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.3:icinga2-common-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.3:icinga2-common-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.3:icinga2-common-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.3:icinga2-doc-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.3:icinga2-doc-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.3:icinga2-doc-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.3:icinga2-ido-mysql-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.3:icinga2-ido-mysql-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.3:icinga2-ido-mysql-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.3:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.3:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.3:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.3:nano-icinga2-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.3:nano-icinga2-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.3:nano-icinga2-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.3:vim-icinga2-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.3:vim-icinga2-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.3:vim-icinga2-2.12.5-bp153.2.5.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Package Hub 15 SP1:icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP1:icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP1:icinga2-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP1:icinga2-bin-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP1:icinga2-bin-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP1:icinga2-bin-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP1:icinga2-common-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP1:icinga2-common-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP1:icinga2-common-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP1:icinga2-doc-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP1:icinga2-doc-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP1:icinga2-doc-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP1:icinga2-ido-mysql-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP1:icinga2-ido-mysql-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP1:icinga2-ido-mysql-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP1:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP1:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP1:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP1:nano-icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP1:nano-icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP1:nano-icinga2-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP1:vim-icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP1:vim-icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP1:vim-icinga2-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP2:icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP2:icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP2:icinga2-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP2:icinga2-bin-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP2:icinga2-bin-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP2:icinga2-bin-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP2:icinga2-common-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP2:icinga2-common-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP2:icinga2-common-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP2:icinga2-doc-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP2:icinga2-doc-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP2:icinga2-doc-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP2:icinga2-ido-mysql-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP2:icinga2-ido-mysql-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP2:icinga2-ido-mysql-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP2:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP2:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP2:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP2:nano-icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP2:nano-icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP2:nano-icinga2-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP2:vim-icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP2:vim-icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP2:vim-icinga2-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP3:icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP3:icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP3:icinga2-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP3:icinga2-bin-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP3:icinga2-bin-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP3:icinga2-bin-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP3:icinga2-common-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP3:icinga2-common-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP3:icinga2-common-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP3:icinga2-doc-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP3:icinga2-doc-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP3:icinga2-doc-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP3:icinga2-ido-mysql-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP3:icinga2-ido-mysql-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP3:icinga2-ido-mysql-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP3:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP3:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP3:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP3:nano-icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP3:nano-icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP3:nano-icinga2-2.12.5-bp153.2.5.1.x86_64", "SUSE Package Hub 15 SP3:vim-icinga2-2.12.5-bp153.2.5.1.aarch64", "SUSE Package Hub 15 SP3:vim-icinga2-2.12.5-bp153.2.5.1.ppc64le", "SUSE Package Hub 15 SP3:vim-icinga2-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.2:icinga2-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.2:icinga2-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.2:icinga2-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.2:icinga2-bin-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.2:icinga2-bin-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.2:icinga2-bin-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.2:icinga2-common-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.2:icinga2-common-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.2:icinga2-common-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.2:icinga2-doc-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.2:icinga2-doc-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.2:icinga2-doc-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.2:icinga2-ido-mysql-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.2:icinga2-ido-mysql-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.2:icinga2-ido-mysql-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.2:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.2:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.2:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.2:nano-icinga2-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.2:nano-icinga2-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.2:nano-icinga2-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.2:vim-icinga2-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.2:vim-icinga2-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.2:vim-icinga2-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.3:icinga2-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.3:icinga2-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.3:icinga2-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.3:icinga2-bin-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.3:icinga2-bin-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.3:icinga2-bin-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.3:icinga2-common-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.3:icinga2-common-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.3:icinga2-common-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.3:icinga2-doc-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.3:icinga2-doc-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.3:icinga2-doc-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.3:icinga2-ido-mysql-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.3:icinga2-ido-mysql-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.3:icinga2-ido-mysql-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.3:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.3:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.3:icinga2-ido-pgsql-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.3:nano-icinga2-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.3:nano-icinga2-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.3:nano-icinga2-2.12.5-bp153.2.5.1.x86_64", "openSUSE Leap 15.3:vim-icinga2-2.12.5-bp153.2.5.1.aarch64", "openSUSE Leap 15.3:vim-icinga2-2.12.5-bp153.2.5.1.ppc64le", "openSUSE Leap 15.3:vim-icinga2-2.12.5-bp153.2.5.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-07-24T18:06:03Z", details: "moderate", }, ], title: "CVE-2021-32743", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.