{ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-24368", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Icinga Icinga Web2 2.0.0 through 2.6.4, 2.7.4 and 2.8.2 has a Directory Traversal vulnerability which allows an attacker to access arbitrary files that are readable by the process running Icinga Web 2. This issue is fixed in Icinga Web 2 in v2.6.4, v2.7.4 and v2.8.2." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "url": "https://github.com/Icinga/icingaweb2/blob/master/CHANGELOG.md", "refsource": "MISC", "name": "https://github.com/Icinga/icingaweb2/blob/master/CHANGELOG.md" }, { "refsource": "MISC", "name": "https://github.com/Icinga/icingaweb2/issues/4226", "url": "https://github.com/Icinga/icingaweb2/issues/4226" }, { "refsource": "CONFIRM", "name": "https://icinga.com/2020/08/19/icinga-web-security-release-v2-6-4-v2-7-4-and-v2-8-2/", "url": "https://icinga.com/2020/08/19/icinga-web-security-release-v2-6-4-v2-7-4-and-v2-8-2/" }, { "refsource": "DEBIAN", "name": "DSA-4747", "url": "https://www.debian.org/security/2020/dsa-4747" }, { "refsource": "MLIST", "name": "[debian-lts-announce] 20200824 [SECURITY] [DLA 2343-1] icingaweb2 security update", "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00040.html" }, { "refsource": "SUSE", "name": "openSUSE-SU-2020:1674", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00026.html" } ] } }