Vulnerability in the Icinga web monitoring interface

Corrective releases 2.6.4, 2.7.4 and v2.8.2 of the Icinga Web package, which provides the web interface for the Icinga monitoring system, have been published. The updates fix a critical issue. The vulnerability (CVE-2020-24368) allows an unauthenticated attacker to read files on the server with the privileges of the Icinga Web process (usually the user that the http server or fpm runs as).

A successful attack requires that one of the third-party modules that ship images or icons is present. Such modules include Icinga Business Process Modeling, Icinga Director, Icinga Reporting, Maps Module, and Globe Module. These modules are not vulnerable themselves, but their presence is what makes the attack on Icinga Web possible.

The attack is carried out by sending HTTP GET or POST requests to the handler that serves images, which can be reached without an account. For example, if Icinga Web 2 is available at "/icingaweb2" and the system has the business process module installed in the /usr/share/icingaweb2/modules directory, the request "GET /icingaweb2/static/img?module_name=process-ganacsi&file=../../../os/-./ase" reads the contents of the file /etc/os-release.
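To check whether an installation was probed before it was patched, the web server access log can be searched for image-handler requests whose `file` parameter climbs out of the module directory. The following is an added example, not code from the Icinga project or the original article; the combined log format, the sample lines, and the names `suspicious_requests` and `escapes_module_dir` are assumptions.

```python
import posixpath
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample lines (combined log format). Addresses, module names and
# file names are placeholders for illustration, not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Aug/2020:10:01:02 +0000] "GET /icingaweb2/static/img?module_name=modA&file=icons/logo.png HTTP/1.1" 200 5120',
    '192.0.2.44 - - [20/Aug/2020:10:03:17 +0000] "GET /icingaweb2/static/img?module_name=modA&file=../../../../etc/os-release HTTP/1.1" 200 382',
    '192.0.2.44 - - [20/Aug/2020:10:03:20 +0000] "GET /icingaweb2/static/img?module_name=modB&file=%2e%2e%2f%2e%2e%2fconfig.ini HTTP/1.1" 404 0',
    '192.0.2.10 - - [20/Aug/2020:10:05:00 +0000] "GET /icingaweb2/dashboard HTTP/1.1" 302 0',
]

REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
HANDLER_SUFFIX = "/static/img"  # image handler path named in the advisory

def escapes_module_dir(file_param):
    """True if the path is absolute or climbs above its starting directory."""
    path = file_param.replace("\\", "/")
    if path.startswith("/"):
        return True
    return posixpath.normpath(path).split("/")[0] == ".."

def suspicious_requests(lines):
    """Return (client, status, file) for image-handler requests whose
    'file' parameter resolves outside the module directory."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parsable request line
        client, _method, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.rstrip("/").endswith(HANDLER_SUFFIX):
            continue
        # parse_qs percent-decodes values, so encoded dot segments are caught too
        for value in parse_qs(url.query).get("file", []):
            if escapes_module_dir(value):
                hits.append((client, int(status), value))
    return hits

if __name__ == "__main__":
    for client, status, value in suspicious_requests(SAMPLE_LOG):
        outcome = "file served" if status == 200 else "not served"
        print(f"{client} {status} {outcome}: file={value}")
```

Access logs normally record only the query string, so POST requests to the same handler need body logging or a WAF/proxy log to be reviewed the same way. A hit with status 200 means file contents were returned to the client and the exposed file should be treated as disclosed.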

Source: opennet.ru
