SUSE Package Hub - openSUSE-2020-1674

Update Info

openSUSE-2020-1674

Security update for icingaweb2

Type: security

Severity: important

Issued: 2020-10-16

Description:

This update for icingaweb2 fixes the following issues:

- icingaweb2 was updated to 2.7.4
  * CVE-2020-24368: Fixed a path Traversal which could have allowed an attacker to access 
    arbitrary files which are readable by the process running (boo#1175530).

References

CVE: CVE-2020-24368
Bugzilla: 1175530 VUL-0: CVE-2020-24368: icingaweb2: Directory Traversal vulnerability which allows an attacker to access arbitrary files that are readable by the process

Packages

icingaweb2-2.7.4-bp152.2.3.1