CVE-2024-41811
Publication date 5 August 2024
Last updated 26 August 2025
Ubuntu priority
Description
ipl/web is a set of common web components for php projects. Some of the recent development by Icinga is, under certain circumstances, susceptible to cross site request forgery. (CSRF). All affected products, in any version, will be unaffected by this once `icinga-php-library` is upgraded. Version 0.10.1 includes a fix for this. It will be published as part of the `icinga-php-library` v0.14.1 release.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| icinga-php-library | 26.04 LTS resolute |
Not affected
|
| 25.10 questing |
Not affected
|
|
| 24.04 LTS noble |
Needs evaluation
|
|
| 22.04 LTS jammy |
Needs evaluation
|
|
| 20.04 LTS focal | Not in release |
Severity score breakdown
CVSS version: CVSS v3.0
Base score
3.9 · Low
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
References
Other references
- https://www.cve.org/CVERecord?id=CVE-2024-41811
- https://github.com/Icinga/ipl-web/security/advisories/GHSA-w9pg-7c3h-fc8j
- https://github.com/Icinga/ipl-web/commit/492336fdb57a5bb0881ed642ab36f5841337571e (v0.10.1)
- https://github.com/Icinga/icinga-php-library/commit/20c73075a9e9824d089bbd2e433bb2f613fd5801