Path traversal in Icinga Web 2 - CVE-2022-24715
Published: March 8, 2022 / Updated: July 6, 2026
Icinga Web 2
Detailed vulnerability description
The vulnerability allows a remote user to execute arbitrary code.
The vulnerability exists due to path traversal in SSH resources configuration handling when processing SSH resource file paths. A remote user can create SSH resource files in unintended directories to execute arbitrary code.
Exploitation requires access to the configuration.