Impact
Despite a CA is specified, none of ElasticsearchWriter, GelfWriter, InfluxdbWriter and Influxdb2Writer verify the server's certificate.
Patches
Icinga 2 instances which connect to any of the mentioned TSDBs using TLS over a spoofable infrastructure should immediately upgrade and change the credentials (if any) used by the TSDB writer feature to authenticate against the TSDB.
Workarounds
None.
References
Blogpost: https://icinga.com/blog/2021/08/19/icinga-2-13-1-security-release/
For more information
If you have any questions or comments about this advisory:
Impact
Despite a CA is specified, none of ElasticsearchWriter, GelfWriter, InfluxdbWriter and Influxdb2Writer verify the server's certificate.
Patches
Icinga 2 instances which connect to any of the mentioned TSDBs using TLS over a spoofable infrastructure should immediately upgrade and change the credentials (if any) used by the TSDB writer feature to authenticate against the TSDB.
Workarounds
None.
References
Blogpost: https://icinga.com/blog/2021/08/19/icinga-2-13-1-security-release/
For more information
If you have any questions or comments about this advisory: