Vulnerability in the Icinga Web monitoring interface

Corrective releases 2.6.4, 2.7.4 and 2.8.2 of the Icinga Web package, which provides the web interface for the Icinga monitoring system, have been published. The updates fix a critical vulnerability (CVE-2020-24368) that lets an unauthenticated attacker read files on the server with the privileges of the Icinga Web process (usually the user under which the http server or php-fpm runs), which means any file that user can read, including Icinga Web's own configuration.

A successful attack requires that one of the third-party modules that ship images or icons is installed. Such modules include Icinga Business Process Modelling, Icinga Director, Icinga Reporting, the Map module and the Globe module. These modules do not themselves contain the flaw; they merely provide the static image directories through which the vulnerable Icinga Web handler can be reached.

The attack is carried out by sending HTTP GET or POST requests to the handler that serves images, which is reachable without an account. For example, if Icinga Web 2 is available under "/icingaweb2" and the business process modelling module is installed in the /usr/share/icingaweb2/modules directory, the contents of the /etc/os-release file can be read with the request "GET /icingaweb2/static/img?module_name=businessprocess&file=../../../../../../../etc/os-release".
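The following Python is an added example, not code from the Icinga project or from the original article. It models the image handler described above: the vulnerable variant joins the user-controlled file name with no containment check, the hardened variant rejects anything that resolves outside the module's image directory, and a small detector flags traversal attempts in web-server access logs. The directory layout (<modules dir>/<module>/public/img/<file>), the log format and the sample log lines are assumptions constructed for this example.

```python
"""Path traversal in a static-image handler, modelled on CVE-2020-24368.

Added example (not Icinga Web's own code). Assumed layout:
  <modules dir>/<module_name>/public/img/<file>
"""
import os
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumed module directory; matches the path used in the article's example.
MODULES_DIR = "/usr/share/icingaweb2/modules"


def image_path_vulnerable(module_name: str, file: str, modules_dir: str = MODULES_DIR) -> str:
    """Naive resolution: 'file' is joined onto the image directory with no
    containment check, so '../' segments walk out of it."""
    return os.path.normpath(os.path.join(modules_dir, module_name, "public", "img", file))


def image_path_safe(module_name: str, file: str, modules_dir: str = MODULES_DIR) -> str:
    """Hardened resolution: the module name is restricted to a safe charset and
    the final path must stay inside <module>/public/img.

    normpath is used here so the example runs without the directory existing;
    on a real server use os.path.realpath on both sides as well, so a symlink
    inside the image directory cannot point outside it."""
    if not re.fullmatch(r"[A-Za-z0-9_-]+", module_name):
        raise ValueError("invalid module name")
    base = os.path.normpath(os.path.join(modules_dir, module_name, "public", "img"))
    # os.path.join discards 'base' if 'file' is absolute, which the check below catches.
    candidate = os.path.normpath(os.path.join(base, file))
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("path escapes module image directory")
    return candidate


def is_rejected(module_name: str, file: str) -> bool:
    """True if the hardened resolver refuses this module/file pair."""
    try:
        image_path_safe(module_name, file)
    except ValueError:
        return True
    return False


# Combined-format access log: extract method and request target.
REQUEST_RE = re.compile(r'"(GET|POST) (\S+) HTTP/[\d.]+"')


def is_traversal_attempt(log_line: str) -> bool:
    """Flag a request to the static image handler whose module_name or file
    parameter contains a '..' segment after URL decoding.

    Only the query string is visible in an access log; a POST carrying the
    parameters in its body needs request-body logging or a WAF to catch."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return False
    url = urlsplit(m.group(2))
    if not url.path.endswith("/static/img"):
        return False
    params = parse_qs(url.query)  # decodes percent-encoding once
    for name in ("module_name", "file"):
        for value in params.get(name, []):
            decoded = unquote(value)  # second pass handles %252e double encoding
            if ".." in decoded.replace("\\", "/").split("/"):
                return True
    return False


def flag_log(lines):
    """Return the log lines that look like traversal attempts."""
    return [line for line in lines if is_traversal_attempt(line)]


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [19/Aug/2020:10:12:01 +0000] "GET /icingaweb2/static/img?module_name=businessprocess&file=../../../../../../../etc/os-release HTTP/1.1" 200 312',
    '10.0.0.5 - - [19/Aug/2020:10:12:07 +0000] "GET /icingaweb2/static/img?module_name=director&file=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 1887',
    '10.0.0.9 - - [19/Aug/2020:10:13:40 +0000] "GET /icingaweb2/static/img?module_name=map&file=icon.png HTTP/1.1" 200 4210',
    '10.0.0.9 - - [19/Aug/2020:10:14:02 +0000] "GET /icingaweb2/dashboard HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    print("vulnerable:", image_path_vulnerable("businessprocess", "../../../../../../../etc/os-release"))
    print("safe rejects traversal:", is_rejected("businessprocess", "../../../../../../../etc/os-release"))
    for line in flag_log(SAMPLE_LOG):
        print("traversal attempt:", line)
```

The seven `../` segments in the article's request are exactly what is needed to climb from the assumed image directory to the filesystem root, which is why the vulnerable resolver yields /etc/os-release. The detector also decodes the `file` parameter a second time so that `%252e%252e` sequences, which a web server decodes only once, are not missed; a 200 status on a flagged line indicates the read most likely succeeded.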

source: opennet.ru
