{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-23T22:02:07.602","vulnerabilities":[{"cve":{"id":"CVE-2022-24716","sourceIdentifier":"security-advisories@github.com","published":"2022-03-08T20:15:07.853","lastModified":"2024-11-21T06:50:56.390","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unauthenticated users can leak the contents of files of the local system accessible to the web-server user, including `icingaweb2` configuration files with database credentials. This issue has been resolved in versions 2.9.6 and 2.10 of Icinga Web 2. Database credentials should be rotated."},{"lang":"es","value":"Icinga Web 2 es una interfaz web de monitorización de código abierto, un framework y una interfaz de línea de comandos. Los usuarios no autenticados pueden filtrar el contenido de los archivos del sistema local accesibles al usuario del servidor web, incluidos los archivos de configuración de `icingaweb2` con credenciales de la base de datos. Este problema se ha resuelto en las versiones 2.9.6 y 2.10 de Icinga Web 2. Las credenciales de la base de datos deben rotarse"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:icinga:icinga_web_2:*:*:*:*:*:*:*:*","versionStartIncluding":"2.9.0","versionEndExcluding":"2.9.6","matchCriteriaId":"CE7D185F-C8C8-4401-B8F5-580DF83D5D79"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/171774/Icinga-Web-2.10-Arbitrary-File-Disclosure.html","source":"security-advisories@github.com"},{"url":"https://github.com/Icinga/icingaweb2/commit/9931ed799650f5b8d5e1dc58ea3415a4cdc5773d","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/Icinga/icingaweb2/security/advisories/GHSA-5p3f-rh28-8frw","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/202208-05","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"http://packetstormsecurity.com/files/171774/Icinga-Web-2.10-Arbitrary-File-Disclosure.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/Icinga/icingaweb2/commit/9931ed799650f5b8d5e1dc58ea3415a4cdc5773d","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/Icinga/icingaweb2/security/advisories/GHSA-5p3f-rh28-8frw","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/202208-05","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}