{"affected":[{"ecosystem_specific":{"binaries":[{"icingacli":"2.8.6-bp153.2.3.1","icingaweb2":"2.8.6-bp153.2.3.1","icingaweb2-common":"2.8.6-bp153.2.3.1","icingaweb2-vendor-HTMLPurifier":"2.8.6-bp153.2.3.1","icingaweb2-vendor-JShrink":"2.8.6-bp153.2.3.1","icingaweb2-vendor-Parsedown":"2.8.6-bp153.2.3.1","icingaweb2-vendor-dompdf":"2.8.6-bp153.2.3.1","icingaweb2-vendor-lessphp":"2.8.6-bp153.2.3.1","icingaweb2-vendor-zf1":"2.8.6-bp153.2.3.1","php-Icinga":"2.8.6-bp153.2.3.1"}]},"package":{"ecosystem":"SUSE:Package Hub 15 SP3","name":"icingaweb2","purl":"pkg:rpm/suse/icingaweb2&distro=SUSE%20Package%20Hub%2015%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.8.6-bp153.2.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"icingacli":"2.8.6-bp153.2.3.1","icingaweb2":"2.8.6-bp153.2.3.1","icingaweb2-common":"2.8.6-bp153.2.3.1","icingaweb2-vendor-HTMLPurifier":"2.8.6-bp153.2.3.1","icingaweb2-vendor-JShrink":"2.8.6-bp153.2.3.1","icingaweb2-vendor-Parsedown":"2.8.6-bp153.2.3.1","icingaweb2-vendor-dompdf":"2.8.6-bp153.2.3.1","icingaweb2-vendor-lessphp":"2.8.6-bp153.2.3.1","icingaweb2-vendor-zf1":"2.8.6-bp153.2.3.1","php-Icinga":"2.8.6-bp153.2.3.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.3","name":"icingaweb2","purl":"pkg:rpm/opensuse/icingaweb2&distro=openSUSE%20Leap%2015.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.8.6-bp153.2.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for icingaweb2 fixes the following issues:\n\nicingaweb2 was updated to 2.8.6\n\nThis is a security release.\n\n* Security Fixes\n\n- CVE-2022-24715: SSH resources allow arbitrary code execution for authenticated users (GHSA-v9mv-h52f-7g63 boo#1196911)\n- CVE-2022-24714: Unwanted disclosure of hosts and related data, linked to decommissioned services (GHSA-qcmg-vr56-x9wf boo#1196913)\n","id":"openSUSE-SU-2022:0097-1","modified":"2022-03-31T08:41:15Z","published":"2022-03-31T08:41:15Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IZ3SOPUOKOBQCVEVEU6YPIZRX5AB77WX/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1196911"},{"type":"REPORT","url":"https://bugzilla.suse.com/1196913"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-24714"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-24715"}],"related":["CVE-2022-24714","CVE-2022-24715"],"summary":"Security update for icingaweb2","upstream":["CVE-2022-24714","CVE-2022-24715"]}