Microsoft Vulnerability with icinga-service.

[drapiti]

Our security department has identitified a potential vulnerbility with the default installation of the icingapowershell service.

"The remote Windows host has at least one service installed that uses an unquoted service path, which contains at least one whitespace. A local attacker can gain elevated privileges by inserting an executable file in the path of the affected service."

The second part is ok, it's the first part which should be quoted.

Cheers.

[LordHepipud]

Thank you for the report. We just provided a fix with the linked PR and published 1.5.2 to fix this.
We have also backported the fix to 1.3.2 and 1.4.2.

In addition we provided a knowledge base entry on how to test if users are affected and how to resolve the issue once an update on the Framework is done.