PRIVATE_FEEDS/CVE_VULN_FEED/CVE-2020-24368-icinga_web_pathtraversal/alert_text.md

Date: 2020-08-27

Path-Traversal was reported in Icinga-Web (successor of nagios2), CVE-202-24368 / CVSS 7.5

since availability-monitoring is crucial for datacenters, this could allow to read sensitive information on the monitoring-host.

we suggest to limit access to your monitoring-solution.

we found various IPs in your ORG/ASN, matching criteria for possible vulnerable systems

False-Positive-Level: low

please find a list of affected IPs below and more information on that problem here:

References:

• https://nvd.nist.gov/vuln/detail/CVE-2020-24368