
cpe:2.3:a:icinga:icinga:2.15.0:*:*:*:*:*:*:*

part: a version: 2.15.0 update: *

Vendor: Icinga (f3c2076d-deab-53f8-8d1d-6154f519c3cc)
Product: Icinga (24b08c5b-9b75-5b68-96d6-94b0414f4484)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from NVD CPE 2.0 feed

PURL mappings

PURL | Source | Last updated
pkg:deb/debian/icinga | purl2cpe | 2026-06-01 10:11:14.064198
pkg:deb/debian/icinga2 | purl2cpe | 2026-06-01 10:11:14.064199
pkg:deb/ubuntu/icinga | purl2cpe | 2026-06-01 10:11:14.064200
pkg:deb/ubuntu/icinga2 | purl2cpe | 2026-06-01 10:11:14.064202
pkg:github/icinga/icinga2 | purl2cpe | 2026-06-01 10:11:14.064203
pkg:rpm/opensuse/icinga2 | purl2cpe | 2026-06-01 10:11:14.064204
pkg:sourceforge/icinga | purl2cpe | 2026-06-01 10:11:14.064206

Vulnerability references

Identifier: CVE:CVE-2025-61909
cpeApplicability: vulnerable
Submitted: 2026-06-03 15:07:57.413476
db.gcve.eu details: Icinga 2 signals sent as root to processes based on PID file written by the Icinga 2 daemon user
Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, the safe-reload script (also used during systemctl reload icinga2) and logrotate configuration shipped with Icinga 2 read the PID of the main Icinga 2 process from a PID file writable by the daemon user, but send the signal as the root user. This can allow the Icinga user to send signals to processes it would otherwise not be permitted to. A fix is included in the following Icinga 2 versions: 2.15.1, 2.14.7, and 2.13.13.
Published: 2025-10-16T17:20:14.705Z
Updated: 2025-10-16T19:23:18.312Z
Rationale: Imported from gcve-enriched-dumps CVE data

Identifier: CVE:CVE-2025-61907
cpeApplicability: vulnerable
Submitted: 2026-06-03 15:07:57.412565
db.gcve.eu details: Icinga 2 API users could access restricted values in filter expressions
Icinga 2 is an open source monitoring system. In Icinga 2 versions 2.4 through 2.15.0, filter expressions provided to the various /v1/objects endpoints could access variables or objects that would otherwise be inaccessible for the user. This allows authenticated API users to learn information that should be hidden from them, including global variables not permitted by the variables permission and objects not permitted by the corresponding objects/query permissions. The vulnerability is fixed in versions 2.15.1, 2.14.7, and 2.13.13.
Published: 2025-10-16T17:11:59.338Z
Updated: 2025-10-16T19:23:30.055Z
Rationale: Imported from gcve-enriched-dumps CVE data
