SB2020121589 - Improper Certificate Validation in Icinga
Published: December 15, 2020 Updated: June 29, 2026

Security Bulletin ID: SB2020121589
CSH Severity: Low
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity

Low: 100%

Description

This security bulletin contains information about 1 vulnerability.


1) Improper Certificate Validation (CVE-ID: CVE-2020-29663)

CWE-ID: CWE-295 - Improper Certificate Validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to bypass certificate revocation checks.

The vulnerability exists due to improper certificate validation in the ApiListener certificate renewal logic when processing certificate renewal requests: the revocation status of the presented certificate is not checked before automatic renewal is granted. A remote user holding a revoked certificate can request its automatic renewal and thereby bypass certificate revocation checks.

Only setups using external certificate signing are affected, and exploitation requires that a CRL is configured and that the revoked certificate is eligible for automatic renewal, i.e. it was issued before 2017 or expires in less than 30 days.
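The following is an added illustration of the defect class described above; it is not Icinga's code. It models the automatic-renewal eligibility rule stated in the bulletin (issued before 2017, or expiring in less than 30 days) and shows a renewal decision that ignores the CRL beside one that consults it first. The `Cert` record, the serial-number CRL and all dates are constructed for the example.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Eligibility thresholds as stated in the bulletin text.
AUTO_RENEW_CUTOFF = date(2017, 1, 1)     # certificates issued before this date
AUTO_RENEW_WINDOW = timedelta(days=30)   # or expiring in less than this


@dataclass(frozen=True)
class Cert:
    """Minimal certificate record (constructed for this example)."""
    serial: int
    not_before: date
    not_after: date


def is_eligible_for_auto_renewal(cert: Cert, today: date) -> bool:
    """Eligibility rule: old certificate or one close to expiry."""
    return cert.not_before < AUTO_RENEW_CUTOFF or (cert.not_after - today) < AUTO_RENEW_WINDOW


def vulnerable_should_renew(cert: Cert, crl: frozenset, today: date) -> bool:
    """Defective decision: eligibility is checked, revocation status is not.
    A revoked-but-eligible certificate is renewed."""
    return is_eligible_for_auto_renewal(cert, today)


def fixed_should_renew(cert: Cert, crl: frozenset, today: date) -> bool:
    """Hardened decision: a serial listed on the CRL is refused before any
    eligibility reasoning happens, so revocation can never be bypassed by
    qualifying for automatic renewal."""
    if cert.serial in crl:
        return False
    return is_eligible_for_auto_renewal(cert, today)


def renewal_decisions(certs, crl: frozenset, today: date, policy) -> dict:
    """Apply one decision policy to a set of certificates; returns serial -> granted."""
    return {c.serial: policy(c, crl, today) for c in certs}


# Constructed sample data for a hypothetical CA as of the bulletin's publication date.
TODAY = date(2020, 12, 15)
SAMPLE_CERTS = [
    Cert(serial=1, not_before=date(2016, 6, 1), not_after=date(2021, 6, 1)),   # old, valid
    Cert(serial=2, not_before=date(2019, 1, 1), not_after=date(2020, 12, 31)), # near expiry, revoked
    Cert(serial=3, not_before=date(2019, 1, 1), not_after=date(2022, 1, 1)),   # not eligible
    Cert(serial=4, not_before=date(2015, 1, 1), not_after=date(2030, 1, 1)),   # old, revoked
]
SAMPLE_CRL = frozenset({2, 4})  # constructed list of revoked serial numbers


def revoked_renewals_granted(certs, crl: frozenset, today: date, policy) -> set:
    """Serials that a policy would renew despite being on the CRL (should be empty)."""
    granted = renewal_decisions(certs, crl, today, policy)
    return {serial for serial, ok in granted.items() if ok and serial in crl}


if __name__ == "__main__":
    for name, policy in (("vulnerable", vulnerable_should_renew), ("fixed", fixed_should_renew)):
        print(name, renewal_decisions(SAMPLE_CERTS, SAMPLE_CRL, TODAY, policy),
              "revoked-but-renewed:", revoked_renewals_granted(SAMPLE_CERTS, SAMPLE_CRL, TODAY, policy))
```

The point of the ordering in `fixed_should_renew` is that the revocation check is unconditional: it runs before, not as part of, the eligibility decision, so a change to the eligibility rule later cannot silently reopen the bypass. `revoked_renewals_granted` is the kind of check a defender can run against an issuance log to confirm that no renewal was granted for a serial that was already on the CRL.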


Remediation

Install the update from the vendor's website.