CVE-2024-49369 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2024-49369 Interim 1 5 2025-02-16T00:41:07Z current 2024-11-15T00:17:51Z 2025-02-16T00:41:07Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2024-49369 Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. The TLS certificate validation in all Icinga 2 versions starting from 2.4.0 was flawed, allowing an attacker to impersonate both trusted cluster nodes as well as any API users that use TLS client certificates for authentication (ApiUser objects with the client_cn attribute set). This vulnerability has been fixed in v2.14.3, v2.13.10, v2.12.11, and v2.11.12. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WZZJE5TDFJPSAOPLZPWW67EYXT7Z5WA4/ E-Mail link for openSUSE-SU-2024:0371-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AT3WKZIWKJAT2IOFHCH3XH5OSH54G6FP/ E-Mail link for openSUSE-SU-2024:0372-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BRICGA55WXXGHCSKSOD24SNS4LQXWB65/ E-Mail link for openSUSE-SU-2024:14493-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Package Hub 15 SP5 SUSE Package Hub 15 SP6 openSUSE Leap 15.5 openSUSE Leap 15.6 openSUSE Tumbleweed icinga2-2.13.10-bp155.3.3.1 icinga2-2.13.10-bp156.4.3.1 icinga2-2.14.3-1.1 icinga2-bin-2.13.10-bp155.3.3.1 icinga2-bin-2.13.10-bp156.4.3.1 icinga2-bin-2.14.3-1.1 icinga2-common-2.13.10-bp155.3.3.1 icinga2-common-2.13.10-bp156.4.3.1 icinga2-common-2.14.3-1.1 icinga2-doc-2.13.10-bp155.3.3.1 icinga2-doc-2.13.10-bp156.4.3.1 icinga2-doc-2.14.3-1.1 icinga2-ido-mysql-2.13.10-bp155.3.3.1 icinga2-ido-mysql-2.13.10-bp156.4.3.1 icinga2-ido-mysql-2.14.3-1.1 icinga2-ido-pgsql-2.13.10-bp155.3.3.1 icinga2-ido-pgsql-2.13.10-bp156.4.3.1 icinga2-ido-pgsql-2.14.3-1.1 nano-icinga2-2.13.10-bp155.3.3.1 nano-icinga2-2.13.10-bp156.4.3.1 nano-icinga2-2.14.3-1.1 vim-icinga2-2.13.10-bp155.3.3.1 vim-icinga2-2.13.10-bp156.4.3.1 vim-icinga2-2.14.3-1.1 icinga2-2.13.10-bp155.3.3.1 as a component of SUSE Package Hub 15 SP5 icinga2-bin-2.13.10-bp155.3.3.1 as a component of SUSE Package Hub 15 SP5 icinga2-common-2.13.10-bp155.3.3.1 as a component of SUSE Package Hub 15 SP5 icinga2-doc-2.13.10-bp155.3.3.1 as a component of SUSE Package Hub 15 SP5 icinga2-ido-mysql-2.13.10-bp155.3.3.1 as a component of SUSE Package Hub 15 SP5 icinga2-ido-pgsql-2.13.10-bp155.3.3.1 as a component of SUSE Package Hub 15 SP5 nano-icinga2-2.13.10-bp155.3.3.1 as a component of SUSE Package Hub 15 SP5 vim-icinga2-2.13.10-bp155.3.3.1 as a component of SUSE Package Hub 15 SP5 icinga2-2.13.10-bp156.4.3.1 as a component of SUSE Package Hub 15 SP6 icinga2-bin-2.13.10-bp156.4.3.1 as a component of SUSE Package Hub 15 SP6 icinga2-common-2.13.10-bp156.4.3.1 as a component of SUSE Package Hub 15 SP6 icinga2-doc-2.13.10-bp156.4.3.1 as a component of SUSE Package Hub 15 SP6 icinga2-ido-mysql-2.13.10-bp156.4.3.1 as a component of SUSE Package Hub 15 SP6 icinga2-ido-pgsql-2.13.10-bp156.4.3.1 as a component of SUSE Package Hub 15 SP6 nano-icinga2-2.13.10-bp156.4.3.1 as a component of SUSE Package Hub 15 SP6 vim-icinga2-2.13.10-bp156.4.3.1 as a component of SUSE Package Hub 15 SP6 icinga2-2.13.10-bp155.3.3.1 as a component of openSUSE Leap 15.5 icinga2-bin-2.13.10-bp155.3.3.1 as a component of openSUSE Leap 15.5 icinga2-common-2.13.10-bp155.3.3.1 as a component of openSUSE Leap 15.5 icinga2-doc-2.13.10-bp155.3.3.1 as a component of openSUSE Leap 15.5 icinga2-ido-mysql-2.13.10-bp155.3.3.1 as a component of openSUSE Leap 15.5 icinga2-ido-pgsql-2.13.10-bp155.3.3.1 as a component of openSUSE Leap 15.5 nano-icinga2-2.13.10-bp155.3.3.1 as a component of openSUSE Leap 15.5 vim-icinga2-2.13.10-bp155.3.3.1 as a component of openSUSE Leap 15.5 icinga2-2.13.10-bp156.4.3.1 as a component of openSUSE Leap 15.6 icinga2-bin-2.13.10-bp156.4.3.1 as a component of openSUSE Leap 15.6 icinga2-common-2.13.10-bp156.4.3.1 as a component of openSUSE Leap 15.6 icinga2-doc-2.13.10-bp156.4.3.1 as a component of openSUSE Leap 15.6 icinga2-ido-mysql-2.13.10-bp156.4.3.1 as a component of openSUSE Leap 15.6 icinga2-ido-pgsql-2.13.10-bp156.4.3.1 as a component of openSUSE Leap 15.6 nano-icinga2-2.13.10-bp156.4.3.1 as a component of openSUSE Leap 15.6 vim-icinga2-2.13.10-bp156.4.3.1 as a component of openSUSE Leap 15.6 icinga2-2.14.3-1.1 as a component of openSUSE Tumbleweed icinga2-bin-2.14.3-1.1 as a component of openSUSE Tumbleweed icinga2-common-2.14.3-1.1 as a component of openSUSE Tumbleweed icinga2-doc-2.14.3-1.1 as a component of openSUSE Tumbleweed icinga2-ido-mysql-2.14.3-1.1 as a component of openSUSE Tumbleweed icinga2-ido-pgsql-2.14.3-1.1 as a component of openSUSE Tumbleweed nano-icinga2-2.14.3-1.1 as a component of openSUSE Tumbleweed vim-icinga2-2.14.3-1.1 as a component of openSUSE Tumbleweed Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. The TLS certificate validation in all Icinga 2 versions starting from 2.4.0 was flawed, allowing an attacker to impersonate both trusted cluster nodes as well as any API users that use TLS client certificates for authentication (ApiUser objects with the client_cn attribute set). This vulnerability has been fixed in v2.14.3, v2.13.10, v2.12.11, and v2.11.12. CVE-2024-49369 SUSE Package Hub 15 SP5:icinga2-2.13.10-bp155.3.3.1 SUSE Package Hub 15 SP5:icinga2-bin-2.13.10-bp155.3.3.1 SUSE Package Hub 15 SP5:icinga2-common-2.13.10-bp155.3.3.1 SUSE Package Hub 15 SP5:icinga2-doc-2.13.10-bp155.3.3.1 SUSE Package Hub 15 SP5:icinga2-ido-mysql-2.13.10-bp155.3.3.1 SUSE Package Hub 15 SP5:icinga2-ido-pgsql-2.13.10-bp155.3.3.1 SUSE Package Hub 15 SP5:nano-icinga2-2.13.10-bp155.3.3.1 SUSE Package Hub 15 SP5:vim-icinga2-2.13.10-bp155.3.3.1 SUSE Package Hub 15 SP6:icinga2-2.13.10-bp156.4.3.1 SUSE Package Hub 15 SP6:icinga2-bin-2.13.10-bp156.4.3.1 SUSE Package Hub 15 SP6:icinga2-common-2.13.10-bp156.4.3.1 SUSE Package Hub 15 SP6:icinga2-doc-2.13.10-bp156.4.3.1 SUSE Package Hub 15 SP6:icinga2-ido-mysql-2.13.10-bp156.4.3.1 SUSE Package Hub 15 SP6:icinga2-ido-pgsql-2.13.10-bp156.4.3.1 SUSE Package Hub 15 SP6:nano-icinga2-2.13.10-bp156.4.3.1 SUSE Package Hub 15 SP6:vim-icinga2-2.13.10-bp156.4.3.1 openSUSE Leap 15.5:icinga2-2.13.10-bp155.3.3.1 openSUSE Leap 15.5:icinga2-bin-2.13.10-bp155.3.3.1 openSUSE Leap 15.5:icinga2-common-2.13.10-bp155.3.3.1 openSUSE Leap 15.5:icinga2-doc-2.13.10-bp155.3.3.1 openSUSE Leap 15.5:icinga2-ido-mysql-2.13.10-bp155.3.3.1 openSUSE Leap 15.5:icinga2-ido-pgsql-2.13.10-bp155.3.3.1 openSUSE Leap 15.5:nano-icinga2-2.13.10-bp155.3.3.1 openSUSE Leap 15.5:vim-icinga2-2.13.10-bp155.3.3.1 openSUSE Leap 15.6:icinga2-2.13.10-bp156.4.3.1 openSUSE Leap 15.6:icinga2-bin-2.13.10-bp156.4.3.1 openSUSE Leap 15.6:icinga2-common-2.13.10-bp156.4.3.1 openSUSE Leap 15.6:icinga2-doc-2.13.10-bp156.4.3.1 openSUSE Leap 15.6:icinga2-ido-mysql-2.13.10-bp156.4.3.1 openSUSE Leap 15.6:icinga2-ido-pgsql-2.13.10-bp156.4.3.1 openSUSE Leap 15.6:nano-icinga2-2.13.10-bp156.4.3.1 openSUSE Leap 15.6:vim-icinga2-2.13.10-bp156.4.3.1 openSUSE Tumbleweed:icinga2-2.14.3-1.1 openSUSE Tumbleweed:icinga2-bin-2.14.3-1.1 openSUSE Tumbleweed:icinga2-common-2.14.3-1.1 openSUSE Tumbleweed:icinga2-doc-2.14.3-1.1 openSUSE Tumbleweed:icinga2-ido-mysql-2.14.3-1.1 openSUSE Tumbleweed:icinga2-ido-pgsql-2.14.3-1.1 openSUSE Tumbleweed:nano-icinga2-2.14.3-1.1 openSUSE Tumbleweed:vim-icinga2-2.14.3-1.1 critical 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H