svn commit: r545442 - head/security/vuxml
Lars Engels
lme at FreeBSD.org
Wed Aug 19 17:29:52 UTC 2020
Author: lme
Date: Wed Aug 19 17:29:51 2020
New Revision: 545442
URL: https://svnweb.freebsd.org/changeset/ports/545442
Log:
Document icingaweb2 vulnerability
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Wed Aug 19 17:11:52 2020 (r545441)
+++ head/security/vuxml/vuln.xml Wed Aug 19 17:29:51 2020 (r545442)
@@ -58,6 +58,38 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="f60561e7-e23e-11ea-be64-507b9d01076a">
+ <topic>Icinga Web 2 -- directory traversal vulnerability</topic>
+ <affects>
+ <package>
+ <name>icingaweb2</name>
+ <range><le>2.8.1</le></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Icinga development team reports:</p>
+ <blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24368">
+ <p>CVE-2020-24368</p>
+ <p>
+ Icinga Icinga Web2 2.0.0 through 2.6.4, 2.7.4 and 2.8.2 has a
+ Directory Traversal vulnerability which allows an attacker to access
+ arbitrary files that are readable by the process running Icinga Web
+ 2. This issue is fixed in Icinga Web 2 in v2.6.4, v2.7.4 and v2.8.2.
+ </p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://icinga.com/2020/08/19/icinga-web-security-release-v2-6-4-v2-7-4-and-v2-8-2/</url>
+ <cvename>CVE-2020-24368</cvename>
+ </references>
+ <dates>
+ <discovery>2020-08-19</discovery>
+ <entry>2020-08-19</entry>
+ </dates>
+ </vuln>
+
<vuln vid="b905dff4-e227-11ea-b0ea-08002728f74c">
<topic>curl -- expired pointer dereference vulnerability</topic>
<affects>
More information about the svn-ports-all
mailing list