You may have seen CVE-2013-2214 allowing non-authorized users to view certain details in servicegroups. Ricardo verified the CVE details against Icinga Classic UI, and enlightened me that this behaviour was fixed long time ago. Icinga Classic UI first fetches all the data, applies filters and authorization checks against it, and then displays that data set not allowing any flaws here.

So you can fully ignore the CVE, it only applies to Nagios even if stated otherwise somewhere.