Icinga DB Web Hidden Variable Enumeration Vulnerability

Vulnerability

A vulnerability exists in Icinga DB Web versions prior to 1.1.4 and 1.2.3, allowing authorized users to enumerate values of custom variables that are either protected or hidden. This is achieved by using these variables in filters, which can lead to unauthorized information disclosure. The vulnerability arises from inadequate handling of variable visibility in the application's filtering system.

Impact

Exploitation of this vulnerability allows for the unauthorized enumeration of hidden or protected custom variable values, potentially leading to sensitive information disclosure.

Remediation

Upgrade to Icinga DB Web 1.1.4 or 1.2.3. These releases address the vulnerability by returning an error when a protected or hidden custom variable is used in a filter. No additional workarounds are available.
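Because the fix shipped as two releases, a single "older than 1.2.3" comparison would wrongly flag a patched 1.1.4 install. The check below is an added example, not code from Icinga or from this advisory. It assumes 1.1.4 is the fix for the 1.1 release line and 1.2.3 for the 1.2 line, that older lines remain affected and newer lines include the fix; the host names and version strings are constructed sample data.

```python
import re

# Fixed releases named in the advisory, keyed by (major, minor) release line.
# Assumption: 1.1.4 fixes the 1.1 line and 1.2.3 fixes the 1.2 line.
FIXED = {(1, 1): (1, 1, 4), (1, 2): (1, 2, 3)}

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return (major, minor, patch) from strings like 'v1.2.2' or '1.1.3-1.el9'."""
    match = _VERSION_RE.match(text.strip())
    if match is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in match.groups())


def is_affected(version_text):
    """True if the installed Icinga DB Web version predates the fix for its line."""
    version = parse_version(version_text)
    line = version[:2]
    if line in FIXED:
        return version < FIXED[line]
    # Assumption: lines older than the oldest fixed line got no fix release,
    # and lines newer than the newest fixed line already include the fix.
    return line < min(FIXED)


def report(inventory):
    """Map host -> 'affected' / 'fixed' / 'unknown' for a {host: version} inventory."""
    result = {}
    for host, version_text in inventory.items():
        try:
            result[host] = "affected" if is_affected(version_text) else "fixed"
        except ValueError:
            # Unparseable versions need a manual look rather than a guess.
            result[host] = "unknown"
    return result


if __name__ == "__main__":
    # Constructed inventory; host names and versions are sample data.
    sample = {"mon-a": "1.1.3", "mon-b": "v1.1.4", "mon-c": "1.2.2-1.el9",
              "mon-d": "1.2.3", "mon-e": "1.0.2", "mon-f": "not installed"}
    for host, status in report(sample).items():
        print(f"{host}: {status}")
```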

Added: Oct 16, 2025, 5:17 PM
Updated: Oct 16, 2025, 5:17 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 5.9
remediation: 0.0
relevance: 0.7
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.