Icinga DB Web Dependency View Privilege Escalation Vulnerability

Vulnerability

A vulnerability in Icinga DB Web versions 1.2.0 up to, but not including, 1.2.2 allows users with access to Icinga Dependency Views to see hosts and services on the dependency map that they should not have access to. The names of these objects are not revealed, and access to detailed views of hosts or services is not granted. The issue affects the 'filter/hosts' and 'filter/services' restrictions; the 'filter/objects' restriction functions correctly. Users can downgrade to version 1.1.3 as a temporary workaround.

Impact

This vulnerability allows for unauthorized visibility of hosts and services in Icinga Dependency Views, potentially leading to exposure of sensitive information.

Remediation

Users should upgrade to Icinga DB Web version 1.2.2, which properly applies the necessary restrictions. Instructions for downloading this version are available on the Icinga DB Web GitHub releases page.
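
To scope exposure before or after upgrading, the following added example (not code from the Icinga project) checks a version against the affected range and lists the roles whose access control depends on the two affected restrictions. It assumes restrictions are stored in an Icinga Web roles.ini under keys prefixed with the module name (icingadb/filter/hosts, icingadb/filter/services); the role names and filter values in the sample are constructed.

```python
import configparser

AFFECTED_MIN, FIXED = (1, 2, 0), (1, 2, 2)  # range stated in the advisory
# Assumption: roles.ini keys carry the module prefix "icingadb/".
AFFECTED_KEYS = ("icingadb/filter/hosts", "icingadb/filter/services")

# Constructed sample roles.ini content (not from a real deployment).
SAMPLE_ROLES_INI = """
[helpdesk]
users = "alice"
permissions = "module/icingadb"
icingadb/filter/hosts = "host.name=web*"

[dba]
groups = "dba"
permissions = "module/icingadb"
icingadb/filter/services = "service.name=postgres"

[ops]
groups = "ops"
permissions = "module/icingadb"
icingadb/filter/objects = "host.vars.team=ops"
"""

def parse_version(text):
    """Turn '1.2.1' or 'v1.2.1' into a comparable tuple (1, 2, 1)."""
    parts = [int(p) for p in text.strip().lstrip("v").split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def is_affected(version_text):
    return AFFECTED_MIN <= parse_version(version_text) < FIXED

def roles_using_affected_filters(roles_ini_text):
    """Map role name -> affected restriction keys that are set and non-empty."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",), strict=False)
    cp.read_string(roles_ini_text)
    findings = {}
    for role in cp.sections():
        used = [k for k in AFFECTED_KEYS if cp[role].get(k, "").strip().strip('"')]
        if used:
            findings[role] = used
    return findings

def audit(version_text, roles_ini_text):
    """Roles whose restrictions were not enforced on the dependency map."""
    return roles_using_affected_filters(roles_ini_text) if is_affected(version_text) else {}

if __name__ == "__main__":
    for role, keys in audit("1.2.1", SAMPLE_ROLES_INI).items():
        print(f"{role}: relies on {', '.join(keys)}")
```

Roles restricted only through 'filter/objects', such as the sample "ops" role, are not reported because that restriction functions correctly.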

Added: Jul 16, 2025, 3:07 PM
Updated: Jul 16, 2025, 3:07 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 4.5
remediation: 0.0
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.