CVE-2018-6533
7.8
HIGH
CVSS 3.1
EPSS 0.05%
Description
An issue was discovered in Icinga 2.x through 2.8.1. By editing the init.conf file, Icinga 2 can be run as root. Following this the program can be used to run arbitrary code as root. This was fixed by no longer using init.conf to determine account information for any root-executed code (a larger issue than CVE-2017-16933).
How to fix CVE-2018-6533
To remediate CVE-2018-6533, upgrade the affected package to a fixed version below.
- —upgrade to 2.8.4-1 or later
Is CVE-2018-6533 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2.8.4-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.8 | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |