Vulnerabilites related to Tribe29 - Checkmk
CVE-2022-48320 (GCVE-0-2022-48320)
Vulnerability from cvelistv5
Published
2023-02-20 16:56
Modified
2025-03-12 18:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Summary
Cross-site Request Forgery (CSRF) in Tribe29's Checkmk <= 2.1.0p17, Checkmk <= 2.0.0p31, and all versions of Checkmk 1.6.0 (EOL) allow an attacker to add new visual elements to multiple pages.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:10:59.719Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://checkmk.com/werk/14924"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48320",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-12T18:09:56.865240Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T18:10:01.870Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Checkmk",
"vendor": "Tribe29",
"versions": [
{
"lessThanOrEqual": "2.0.0p31",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.1.0p17",
"status": "affected",
"version": "2.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.6.0p30",
"status": "affected",
"version": "1.6.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Jan H\u00f6rsch (SSE \u2013 Secure Systems Engineering GmbH)"
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Request Forgery (CSRF) in Tribe29\u0027s Checkmk \u003c= 2.1.0p17, Checkmk \u003c= 2.0.0p31, and all versions of Checkmk 1.6.0 (EOL) allow an attacker to add new visual elements to multiple pages."
}
],
"impacts": [
{
"capecId": "CAPEC-62",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-62 Cross Site Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-25T12:57:20.486Z",
"orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"shortName": "Checkmk"
},
"references": [
{
"url": "https://checkmk.com/werk/14924"
}
],
"title": "CSRF in add-visual endpoint"
}
},
"cveMetadata": {
"assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"assignerShortName": "Tribe29",
"cveId": "CVE-2022-48320",
"datePublished": "2023-02-20T16:56:40.889Z",
"dateReserved": "2023-02-08T08:46:54.800Z",
"dateUpdated": "2025-03-12T18:10:01.870Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-43440 (GCVE-0-2022-43440)
Vulnerability from cvelistv5
Published
2023-02-09 08:30
Modified
2025-03-24 15:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-427 - Uncontrolled Search Path Element
Summary
Uncontrolled Search Path Element in Checkmk Agent in Tribe29 Checkmk before 2.1.0p1, before 2.0.0p25 and before 1.6.0p29 on a Checkmk server allows the site user to escalate privileges via a manipulated unixcat executable
References
| ► | URL | Tags |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:32:58.405Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://checkmk.com/werk/14087"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-43440",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-24T15:14:24.264811Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-24T15:15:20.026Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Checkmk",
"vendor": "Tribe29",
"versions": [
{
"lessThan": "2.1.0p1",
"status": "affected",
"version": "2.1.0",
"versionType": "semver"
},
{
"lessThan": "2.0.0p25",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
},
{
"lessThan": "1.6.0p29",
"status": "affected",
"version": "1.6.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled Search Path Element in Checkmk Agent in Tribe29 Checkmk before 2.1.0p1, before 2.0.0p25 and before 1.6.0p29 on a Checkmk server allows the site user to escalate privileges via a manipulated unixcat executable"
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-09T08:30:42.285Z",
"orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"shortName": "Tribe29"
},
"references": [
{
"url": "https://checkmk.com/werk/14087"
}
],
"title": "Privilege escalation via manipulated unixcat executable"
}
},
"cveMetadata": {
"assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"assignerShortName": "Tribe29",
"cveId": "CVE-2022-43440",
"datePublished": "2023-02-09T08:30:42.285Z",
"dateReserved": "2023-01-18T15:49:58.102Z",
"dateUpdated": "2025-03-24T15:15:20.026Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-40906 (GCVE-0-2021-40906)
Vulnerability from cvelistv5
Published
2022-03-25 22:20
Modified
2024-08-04 02:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
CheckMK Raw Edition software (versions 1.5.0 to 1.6.0) does not sanitise the input of a web service parameter that is in an unauthenticated zone. This Reflected XSS allows an attacker to open a backdoor on the device with HTML content and interpreted by the browser (such as JavaScript or other client-side scripts) or to steal the session cookies of a user who has previously authenticated via a man in the middle. Successful exploitation requires access to the web service resource without authentication.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:51:07.765Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://checkmk.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Edgarloyola/CVE-2021-40906"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CheckMK Raw Edition software (versions 1.5.0 to 1.6.0) does not sanitise the input of a web service parameter that is in an unauthenticated zone. This Reflected XSS allows an attacker to open a backdoor on the device with HTML content and interpreted by the browser (such as JavaScript or other client-side scripts) or to steal the session cookies of a user who has previously authenticated via a man in the middle. Successful exploitation requires access to the web service resource without authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-25T22:20:04",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://checkmk.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Edgarloyola/CVE-2021-40906"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-40906",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CheckMK Raw Edition software (versions 1.5.0 to 1.6.0) does not sanitise the input of a web service parameter that is in an unauthenticated zone. This Reflected XSS allows an attacker to open a backdoor on the device with HTML content and interpreted by the browser (such as JavaScript or other client-side scripts) or to steal the session cookies of a user who has previously authenticated via a man in the middle. Successful exploitation requires access to the web service resource without authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://checkmk.com",
"refsource": "MISC",
"url": "http://checkmk.com"
},
{
"name": "https://github.com/Edgarloyola/CVE-2021-40906",
"refsource": "MISC",
"url": "https://github.com/Edgarloyola/CVE-2021-40906"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-40906",
"datePublished": "2022-03-25T22:20:04",
"dateReserved": "2021-09-13T00:00:00",
"dateUpdated": "2024-08-04T02:51:07.765Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31207 (GCVE-0-2023-31207)
Vulnerability from cvelistv5
Published
2023-05-02 08:52
Modified
2025-01-30 14:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Summary
Transmission of credentials within query parameters in Checkmk <= 2.1.0p26, <= 2.0.0p35, and <= 2.2.0b6 (beta) may cause the automation user's secret to be written to the site Apache access log.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:26.020Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://checkmk.com/werk/15189"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-31207",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-30T14:17:49.278719Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-30T14:18:33.648Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Checkmk",
"vendor": "Tribe29",
"versions": [
{
"lessThanOrEqual": "2.2.0b6",
"status": "affected",
"version": "2.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.1.0p26",
"status": "affected",
"version": "2.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.0.0p35",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Transmission of credentials within query parameters in Checkmk \u003c= 2.1.0p26, \u003c= 2.0.0p35, and \u003c= 2.2.0b6 (beta) may cause the automation user\u0027s secret to be written to the site Apache access log."
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37: Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532: Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-02T08:52:31.629Z",
"orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"shortName": "Tribe29"
},
"references": [
{
"url": "https://checkmk.com/werk/15189"
}
],
"title": "Automation user secret logged to Apache access log"
}
},
"cveMetadata": {
"assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"assignerShortName": "Tribe29",
"cveId": "CVE-2023-31207",
"datePublished": "2023-05-02T08:52:31.629Z",
"dateReserved": "2023-04-25T08:49:15.442Z",
"dateUpdated": "2025-01-30T14:18:33.648Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22294 (GCVE-0-2023-22294)
Vulnerability from cvelistv5
Published
2023-04-18 18:59
Modified
2025-02-05 21:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Summary
Privilege escalation in Tribe29 Checkmk Appliance before 1.6.4 allows authenticated site users to escalate privileges via incorrectly set permissions.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tribe29 | Checkmk Appliance |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:06.102Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://checkmk.com/werk/9520"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22294",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T21:22:12.909789Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T21:22:34.383Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Checkmk Appliance",
"vendor": "Tribe29",
"versions": [
{
"lessThan": "1.6.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Privilege escalation in Tribe29 Checkmk Appliance before 1.6.4 allows authenticated site users to escalate privileges via incorrectly set permissions."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732: Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-18T18:59:33.380Z",
"orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"shortName": "Tribe29"
},
"references": [
{
"url": "https://checkmk.com/werk/9520"
}
],
"title": "Privilege escalation in Checkmk Appliance"
}
},
"cveMetadata": {
"assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"assignerShortName": "Tribe29",
"cveId": "CVE-2023-22294",
"datePublished": "2023-04-18T18:59:33.380Z",
"dateReserved": "2023-01-18T15:32:06.452Z",
"dateUpdated": "2025-02-05T21:22:34.383Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31258 (GCVE-0-2022-31258)
Vulnerability from cvelistv5
Published
2022-05-20 22:02
Modified
2024-08-03 07:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Checkmk before 1.6.0p29, 2.x before 2.0.0p25, and 2.1.x before 2.1.0b10, a site user can escalate to root by editing an OMD hook symlink.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:11:39.847Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://checkmk.com/werk/13902"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.checkmk.com/c/announcements/18"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Checkmk before 1.6.0p29, 2.x before 2.0.0p25, and 2.1.x before 2.1.0b10, a site user can escalate to root by editing an OMD hook symlink."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:H/S:C/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-20T22:02:46",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://checkmk.com/werk/13902"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.checkmk.com/c/announcements/18"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-31258",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Checkmk before 1.6.0p29, 2.x before 2.0.0p25, and 2.1.x before 2.1.0b10, a site user can escalate to root by editing an OMD hook symlink."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:H/S:C/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://checkmk.com/werk/13902",
"refsource": "MISC",
"url": "https://checkmk.com/werk/13902"
},
{
"name": "https://forum.checkmk.com/c/announcements/18",
"refsource": "MISC",
"url": "https://forum.checkmk.com/c/announcements/18"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-31258",
"datePublished": "2022-05-20T22:02:46",
"dateReserved": "2022-05-20T00:00:00",
"dateUpdated": "2024-08-03T07:11:39.847Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48319 (GCVE-0-2022-48319)
Vulnerability from cvelistv5
Published
2023-02-20 16:56
Modified
2025-03-12 14:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Summary
Sensitive host secret disclosed in cmk-update-agent.log file in Tribe29's Checkmk <= 2.1.0p13, Checkmk <= 2.0.0p29, and all versions of Checkmk 1.6.0 (EOL) allows an attacker to gain access to the host secret through the unprotected agent updater log file.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:10:59.635Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://checkmk.com/werk/14916"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48319",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-12T14:00:22.741456Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T14:00:50.779Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Checkmk",
"vendor": "Tribe29",
"versions": [
{
"lessThanOrEqual": "2.0.0p29",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.1.0p13",
"status": "affected",
"version": "2.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.6.0p30",
"status": "affected",
"version": "1.6.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sensitive host secret disclosed in cmk-update-agent.log file in Tribe29\u0027s Checkmk \u003c= 2.1.0p13, Checkmk \u003c= 2.0.0p29, and all versions of Checkmk 1.6.0 (EOL) allows an attacker to gain access to the host secret through the unprotected agent updater log file."
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-20T16:56:18.397Z",
"orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"shortName": "Tribe29"
},
"references": [
{
"url": "https://checkmk.com/werk/14916"
}
],
"title": "Host secret disclosed in Checkmk logs"
}
},
"cveMetadata": {
"assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"assignerShortName": "Tribe29",
"cveId": "CVE-2022-48319",
"datePublished": "2023-02-20T16:56:18.397Z",
"dateReserved": "2023-02-08T08:46:54.799Z",
"dateUpdated": "2025-03-12T14:00:50.779Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22288 (GCVE-0-2023-22288)
Vulnerability from cvelistv5
Published
2023-03-20 15:33
Modified
2025-02-26 19:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-138 - Improper Neutralization of Special Elements
Summary
HTML Email Injection in Tribe29 Checkmk <=2.1.0p23; <=2.0.0p34, and all versions of Checkmk 1.6.0 allows an authenticated attacker to inject malicious HTML into Emails
References
| ► | URL | Tags |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:05.977Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://checkmk.com/werk/15069"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22288",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T19:08:54.536741Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T19:09:03.592Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Checkmk",
"vendor": "Tribe29",
"versions": [
{
"lessThanOrEqual": "2.0.0p34",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.1.0p23",
"status": "affected",
"version": "2.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.6.0p30",
"status": "affected",
"version": "1.6.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HTML Email Injection in Tribe29 Checkmk \u003c=2.1.0p23; \u003c=2.0.0p34, and all versions of Checkmk 1.6.0 allows an authenticated attacker to inject malicious HTML into Emails"
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242: Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-138",
"description": "CWE-138: Improper Neutralization of Special Elements",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-20T15:33:59.877Z",
"orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"shortName": "Tribe29"
},
"references": [
{
"url": "https://checkmk.com/werk/15069"
}
],
"title": "Email HTML Injection"
}
},
"cveMetadata": {
"assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"assignerShortName": "Tribe29",
"cveId": "CVE-2023-22288",
"datePublished": "2023-03-20T15:33:59.877Z",
"dateReserved": "2023-01-18T15:32:06.397Z",
"dateUpdated": "2025-02-26T19:09:03.592Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22359 (GCVE-0-2023-22359)
Vulnerability from cvelistv5
Published
2023-06-26 06:51
Modified
2024-08-28 20:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-203 - Observable Discrepancy
Summary
User enumeration in Checkmk <=2.2.0p4 allows an authenticated attacker to enumerate usernames.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:06.470Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://checkmk.com/werk/15890"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22359",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-28T20:25:16.139712Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T20:25:29.123Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Checkmk",
"vendor": "Tribe29",
"versions": [
{
"lessThanOrEqual": "2.2.0p4",
"status": "affected",
"version": "2.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "User enumeration in Checkmk \u003c=2.2.0p4 allows an authenticated attacker to enumerate usernames."
}
],
"impacts": [
{
"capecId": "CAPEC-575",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-575: Account Footprinting"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203: Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-26T09:46:00.200Z",
"orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"shortName": "Checkmk"
},
"references": [
{
"url": "https://checkmk.com/werk/15890"
}
],
"title": "User-enumeration in RestAPI"
}
},
"cveMetadata": {
"assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"assignerShortName": "Tribe29",
"cveId": "CVE-2023-22359",
"datePublished": "2023-06-26T06:51:24.193Z",
"dateReserved": "2023-01-18T15:32:06.543Z",
"dateUpdated": "2024-08-28T20:25:29.123Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1768 (GCVE-0-2023-1768)
Vulnerability from cvelistv5
Published
2023-04-04 06:30
Modified
2025-02-11 17:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-446 - UI Discrepancy for Security Feature
Summary
Inappropriate error handling in Tribe29 Checkmk <= 2.1.0p25, <= 2.0.0p34, <= 2.2.0b3 (beta), and all versions of Checkmk 1.6.0 causes the symmetric encryption of agent data to fail silently and transmit the data in plaintext in certain configurations.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:57:25.231Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://checkmk.com/werk/15423"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1768",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T17:06:06.855905Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T17:07:22.757Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Checkmk",
"vendor": "Tribe29",
"versions": [
{
"lessThanOrEqual": "2.2.0b3",
"status": "affected",
"version": "2.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.1.0p25",
"status": "affected",
"version": "2.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.0.0p34",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.6.0p30",
"status": "affected",
"version": "1.6.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Inappropriate error handling in Tribe29 Checkmk \u003c= 2.1.0p25, \u003c= 2.0.0p34, \u003c= 2.2.0b3 (beta), and all versions of Checkmk 1.6.0 causes the symmetric encryption of agent data to fail silently and transmit the data in plaintext in certain configurations."
}
],
"impacts": [
{
"capecId": "CAPEC-651",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-651: Eavesdropping"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-446",
"description": "CWE-446: UI Discrepancy for Security Feature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-04T06:30:29.538Z",
"orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"shortName": "Tribe29"
},
"references": [
{
"url": "https://checkmk.com/werk/15423"
}
],
"title": "Symmetric agent data encryption fails silently"
}
},
"cveMetadata": {
"assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"assignerShortName": "Tribe29",
"cveId": "CVE-2023-1768",
"datePublished": "2023-04-04T06:30:29.538Z",
"dateReserved": "2023-03-31T08:10:02.118Z",
"dateUpdated": "2025-02-11T17:07:22.757Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-46303 (GCVE-0-2022-46303)
Vulnerability from cvelistv5
Published
2023-02-20 16:49
Modified
2025-03-12 18:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
Command injection in SMS notifications in Tribe29 Checkmk <= 2.1.0p10, Checkmk <= 2.0.0p27, and Checkmk <= 1.6.0p29 allows an attacker with User Management permissions, as well as LDAP administrators in certain scenarios, to perform arbitrary commands within the context of the application's local permissions.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:31:45.469Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://checkmk.com/werk/14381"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-46303",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-12T18:13:19.288262Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T18:13:23.660Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Checkmk",
"vendor": "Tribe29",
"versions": [
{
"lessThanOrEqual": "2.0.0p27",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.1.0p10",
"status": "affected",
"version": "2.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.6.0p29",
"status": "affected",
"version": "1.6.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Command injection in SMS notifications in Tribe29 Checkmk \u003c= 2.1.0p10, Checkmk \u003c= 2.0.0p27, and Checkmk \u003c= 1.6.0p29 allows an attacker with User Management permissions, as well as LDAP administrators in certain scenarios, to perform arbitrary commands within the context of the application\u0027s local permissions."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-20T16:49:49.961Z",
"orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"shortName": "Tribe29"
},
"references": [
{
"url": "https://checkmk.com/werk/14381"
}
],
"title": "Command injection in SMS notifications"
}
},
"cveMetadata": {
"assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"assignerShortName": "Tribe29",
"cveId": "CVE-2022-46303",
"datePublished": "2023-02-20T16:49:49.961Z",
"dateReserved": "2023-01-18T15:49:58.122Z",
"dateUpdated": "2025-03-12T18:13:23.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-46302 (GCVE-0-2022-46302)
Vulnerability from cvelistv5
Published
2023-04-20 13:06
Modified
2025-02-04 21:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-829 - Inclusion of Functionality from Untrusted Control Sphere
Summary
Broad access controls could allow site users to directly interact with the system Apache installation when providing the reverse proxy configurations for Tribe29's Checkmk <= 2.1.0p6, Checkmk <= 2.0.0p27, and all versions of Checkmk 1.6.0 (EOL) allowing an attacker to perform remote code execution with root privileges on the underlying host.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:31:46.402Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://checkmk.com/werk/14281"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-46302",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T21:43:15.215927Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T21:43:19.638Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Checkmk",
"vendor": "Tribe29",
"versions": [
{
"lessThanOrEqual": "2.0.0p27",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.1.0p6",
"status": "affected",
"version": "2.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.6.0p30",
"status": "affected",
"version": "1.6.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Jan-Philipp Litza (PLUTEX GmbH)"
}
],
"descriptions": [
{
"lang": "en",
"value": "Broad access controls could allow site users to directly interact with the system Apache installation when providing the reverse proxy configurations for Tribe29\u0027s Checkmk \u003c= 2.1.0p6, Checkmk \u003c= 2.0.0p27, and all versions of Checkmk 1.6.0 (EOL) allowing an attacker to perform remote code execution with root privileges on the underlying host."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-829",
"description": "CWE-829 Inclusion of Functionality from Untrusted Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-20T13:06:30.238Z",
"orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"shortName": "Tribe29"
},
"references": [
{
"url": "https://checkmk.com/werk/14281"
}
],
"title": "Remote Code Execution with Root Privileges via Broad Apache Permissions"
}
},
"cveMetadata": {
"assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"assignerShortName": "Tribe29",
"cveId": "CVE-2022-46302",
"datePublished": "2023-04-20T13:06:30.238Z",
"dateReserved": "2023-01-18T15:49:58.114Z",
"dateUpdated": "2025-02-04T21:43:19.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0284 (GCVE-0-2023-0284)
Vulnerability from cvelistv5
Published
2023-01-24 12:03
Modified
2025-03-27 20:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
Improper Input Validation of LDAP user IDs in Tribe29 Checkmk allows attackers that can control LDAP user IDs to manipulate files on the server. Checkmk <= 2.1.0p19, Checkmk <= 2.0.0p32, and all versions of Checkmk 1.6.0 (EOL) are affected.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:02:44.148Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://checkmk.com/werk/15181"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0284",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-27T20:21:51.839182Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T20:22:06.041Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Checkmk",
"vendor": "Tribe29",
"versions": [
{
"lessThanOrEqual": "2.0.0p32",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.1.0p19",
"status": "affected",
"version": "2.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.6.0p30",
"status": "affected",
"version": "1.6.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation of LDAP user IDs in Tribe29 Checkmk allows attackers that can control LDAP user IDs to manipulate files on the server. Checkmk \u003c= 2.1.0p19, Checkmk \u003c= 2.0.0p32, and all versions of Checkmk 1.6.0 (EOL) are affected."
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-24T12:03:57.774Z",
"orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"shortName": "Tribe29"
},
"references": [
{
"url": "https://checkmk.com/werk/15181"
}
],
"title": "Improper validation of LDAP user IDs"
}
},
"cveMetadata": {
"assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"assignerShortName": "Tribe29",
"cveId": "CVE-2023-0284",
"datePublished": "2023-01-24T12:03:57.774Z",
"dateReserved": "2023-01-13T09:42:39.643Z",
"dateUpdated": "2025-03-27T20:22:06.041Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6735 (GCVE-0-2023-6735)
Vulnerability from cvelistv5
Published
2024-01-12 07:50
Modified
2025-06-03 14:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-95 - Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
Summary
Privilege escalation in mk_tsm agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Checkmk GmbH | Checkmk |
Version: 2.2.0 ≤ Version: 2.1.0 ≤ Version: 2.0.0 ≤ 2.0.0p39 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:35:14.884Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://checkmk.com/werk/16273"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6735",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T18:45:38.891586Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-03T14:05:30.852Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Checkmk",
"vendor": "Checkmk GmbH",
"versions": [
{
"lessThan": "2.2.0p18",
"status": "affected",
"version": "2.2.0",
"versionType": "semver"
},
{
"lessThan": "2.1.0p38",
"status": "affected",
"version": "2.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.0.0p39",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Privilege escalation in mk_tsm agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges"
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-95",
"description": "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-26T09:48:15.939Z",
"orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"shortName": "Checkmk"
},
"references": [
{
"url": "https://checkmk.com/werk/16273"
}
],
"title": "Privilege escalation in mk_tsm"
}
},
"cveMetadata": {
"assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"assignerShortName": "Checkmk",
"cveId": "CVE-2023-6735",
"datePublished": "2024-01-12T07:50:05.450Z",
"dateReserved": "2023-12-12T15:27:34.769Z",
"dateUpdated": "2025-06-03T14:05:30.852Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31208 (GCVE-0-2023-31208)
Vulnerability from cvelistv5
Published
2023-05-17 08:24
Modified
2025-01-21 21:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-140 - Improper Neutralization of Delimiters
Summary
Improper neutralization of livestatus command delimiters in the RestAPI in Checkmk < 2.0.0p36, < 2.1.0p28, and < 2.2.0b8 (beta) allows arbitrary livestatus command execution for authorized users.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Checkmk GmbH | Checkmk |
Version: 2.2.0 ≤ Version: 2.1.0 ≤ Version: 2.0.0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:26.187Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://checkmk.com/werk/15191"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31208",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-21T21:07:40.332832Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-21T21:07:58.592Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Checkmk",
"vendor": "Checkmk GmbH",
"versions": [
{
"lessThan": "2.2.0b8",
"status": "affected",
"version": "2.2.0",
"versionType": "semver"
},
{
"lessThan": "2.1.0p28",
"status": "affected",
"version": "2.1.0",
"versionType": "semver"
},
{
"lessThan": "2.0.0p36",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper neutralization of livestatus command delimiters in the RestAPI in Checkmk \u003c 2.0.0p36, \u003c 2.1.0p28, and \u003c 2.2.0b8 (beta) allows arbitrary livestatus command execution for authorized users."
}
],
"impacts": [
{
"capecId": "CAPEC-15",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-15: Command Delimiters"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-140",
"description": "CWE-140: Improper Neutralization of Delimiters",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-17T08:24:59.173Z",
"orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"shortName": "Tribe29"
},
"references": [
{
"url": "https://checkmk.com/werk/15191"
}
],
"title": "Livestatus command injection in RestAPI"
}
},
"cveMetadata": {
"assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"assignerShortName": "Tribe29",
"cveId": "CVE-2023-31208",
"datePublished": "2023-05-17T08:24:59.173Z",
"dateReserved": "2023-04-25T08:49:15.442Z",
"dateUpdated": "2025-01-21T21:07:58.592Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6740 (GCVE-0-2023-6740)
Vulnerability from cvelistv5
Published
2024-01-12 07:50
Modified
2025-06-03 14:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-427 - Uncontrolled Search Path Element
Summary
Privilege escalation in jar_signature agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Checkmk GmbH | Checkmk |
Version: 2.2.0 ≤ Version: 2.1.0 ≤ Version: 2.0.0 ≤ 2.0.0p39 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:42:07.176Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://checkmk.com/werk/16163"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6740",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T15:47:31.576972Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-03T14:05:24.299Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Checkmk",
"vendor": "Checkmk GmbH",
"versions": [
{
"lessThan": "2.2.0p18",
"status": "affected",
"version": "2.2.0",
"versionType": "semver"
},
{
"lessThan": "2.1.0p38",
"status": "affected",
"version": "2.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.0.0p39",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Privilege escalation in jar_signature agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges"
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-12T14:04:33.614Z",
"orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"shortName": "Checkmk"
},
"references": [
{
"url": "https://checkmk.com/werk/16163"
}
],
"title": "Privilege escalation in jar_signature"
}
},
"cveMetadata": {
"assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"assignerShortName": "Checkmk",
"cveId": "CVE-2023-6740",
"datePublished": "2024-01-12T07:50:20.076Z",
"dateReserved": "2023-12-12T15:55:03.221Z",
"dateUpdated": "2025-06-03T14:05:24.299Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31211 (GCVE-0-2023-31211)
Vulnerability from cvelistv5
Published
2024-01-12 07:49
Modified
2025-06-17 21:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-303 - Incorrect Implementation of Authentication Algorithm
Summary
Insufficient authentication flow in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows attacker to use locked credentials
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Checkmk GmbH | Checkmk |
Version: 2.2.0 ≤ Version: 2.1.0 ≤ Version: 2.0.0 ≤ 2.0.0p39 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:53:30.666Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://checkmk.com/werk/16227"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31211",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-12T14:44:05.997672Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T21:09:17.486Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Checkmk",
"vendor": "Checkmk GmbH",
"versions": [
{
"lessThan": "2.2.0p18",
"status": "affected",
"version": "2.2.0",
"versionType": "semver"
},
{
"lessThan": "2.1.0p38",
"status": "affected",
"version": "2.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.0.0p39",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient authentication flow in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows attacker to use locked credentials"
}
],
"impacts": [
{
"capecId": "CAPEC-114",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-114: Authentication Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-303",
"description": "CWE-303: Incorrect Implementation of Authentication Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-26T09:47:23.924Z",
"orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"shortName": "Checkmk"
},
"references": [
{
"url": "https://checkmk.com/werk/16227"
}
],
"title": "Disabled automation users could still authenticate"
}
},
"cveMetadata": {
"assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"assignerShortName": "Checkmk",
"cveId": "CVE-2023-31211",
"datePublished": "2024-01-12T07:49:45.294Z",
"dateReserved": "2023-04-25T08:49:15.443Z",
"dateUpdated": "2025-06-17T21:09:17.486Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48318 (GCVE-0-2022-48318)
Vulnerability from cvelistv5
Published
2023-02-20 16:55
Modified
2025-03-12 18:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-862 - Missing Authorization
Summary
No authorisation controls in the RestAPI documentation for Tribe29's Checkmk <= 2.1.0p13 and Checkmk <= 2.0.0p29 which may lead to unintended information disclosure through automatically generated user specific tags within Rest API documentation.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:10:59.801Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://checkmk.com/werk/14509"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48318",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-12T18:10:45.661098Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T18:12:07.460Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Checkmk",
"vendor": "Tribe29",
"versions": [
{
"lessThanOrEqual": "2.0.0p29",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.1.0p13",
"status": "affected",
"version": "2.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "No authorisation controls in the RestAPI documentation for Tribe29\u0027s Checkmk \u003c= 2.1.0p13 and Checkmk \u003c= 2.0.0p29 which may lead to unintended information disclosure through automatically generated user specific tags within Rest API documentation."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-20T16:55:53.162Z",
"orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"shortName": "Tribe29"
},
"references": [
{
"url": "https://checkmk.com/werk/14509"
}
],
"title": "Insecure access control mechanisms for RestAPI documentation"
}
},
"cveMetadata": {
"assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"assignerShortName": "Tribe29",
"cveId": "CVE-2022-48318",
"datePublished": "2023-02-20T16:55:53.162Z",
"dateReserved": "2023-02-08T08:46:54.799Z",
"dateUpdated": "2025-03-12T18:12:07.460Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48321 (GCVE-0-2022-48321)
Vulnerability from cvelistv5
Published
2023-02-20 16:54
Modified
2024-08-03 15:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
Limited Server-Side Request Forgery (SSRF) in agent-receiver in Tribe29's Checkmk <= 2.1.0p11 allows an attacker to communicate with local network restricted endpoints by use of the host registration API.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:10:59.655Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://checkmk.com/werk/14385"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.sonarsource.com/blog/checkmk-rce-chain-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Checkmk",
"vendor": "Tribe29",
"versions": [
{
"lessThanOrEqual": "2.1.0p11",
"status": "affected",
"version": "2.1.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Stefan Schiller (SonarSource)"
}
],
"descriptions": [
{
"lang": "en",
"value": "Limited Server-Side Request Forgery (SSRF) in agent-receiver in Tribe29\u0027s Checkmk \u003c= 2.1.0p11 allows an attacker to communicate with local network restricted endpoints by use of the host registration API."
}
],
"impacts": [
{
"capecId": "CAPEC-664",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-664 Server Side Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T12:48:50.741Z",
"orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"shortName": "Checkmk"
},
"references": [
{
"url": "https://checkmk.com/werk/14385"
},
{
"url": "https://www.sonarsource.com/blog/checkmk-rce-chain-1/"
}
],
"title": "SSRF in agent-receiver API"
}
},
"cveMetadata": {
"assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"assignerShortName": "Tribe29",
"cveId": "CVE-2022-48321",
"datePublished": "2023-02-20T16:54:44.369Z",
"dateReserved": "2023-02-08T08:46:54.800Z",
"dateUpdated": "2024-08-03T15:10:59.655Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48317 (GCVE-0-2022-48317)
Vulnerability from cvelistv5
Published
2023-02-20 16:55
Modified
2025-03-12 18:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-613 - Insufficient Session Expiration
Summary
Expired sessions were not securely terminated in the RestAPI for Tribe29's Checkmk <= 2.1.0p10 and Checkmk <= 2.0.0p28 allowing an attacker to use expired session tokens when communicating with the RestAPI.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:10:59.718Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://checkmk.com/werk/14485"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48317",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-12T18:12:35.724507Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T18:12:47.322Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Checkmk",
"vendor": "Tribe29",
"versions": [
{
"lessThanOrEqual": "2.0.0p28",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.1.0p10",
"status": "affected",
"version": "2.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Expired sessions were not securely terminated in the RestAPI for Tribe29\u0027s Checkmk \u003c= 2.1.0p10 and Checkmk \u003c= 2.0.0p28 allowing an attacker to use expired session tokens when communicating with the RestAPI."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613 Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-20T16:55:28.000Z",
"orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"shortName": "Tribe29"
},
"references": [
{
"url": "https://checkmk.com/werk/14485"
}
],
"title": "Insecure Termination of RestAPI Session Tokens"
}
},
"cveMetadata": {
"assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"assignerShortName": "Tribe29",
"cveId": "CVE-2022-48317",
"datePublished": "2023-02-20T16:55:28.000Z",
"dateReserved": "2023-02-08T08:46:54.799Z",
"dateUpdated": "2025-03-12T18:12:47.322Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-4884 (GCVE-0-2022-4884)
Vulnerability from cvelistv5
Published
2023-01-09 16:11
Modified
2025-04-08 18:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
Path-Traversal in MKP storing in Tribe29 Checkmk <=2.0.0p32 and <= 2.1.0p18 allows an administrator to write mkp files to arbitrary locations via a malicious mkp file.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:55:45.820Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://checkmk.com/werk/15065"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-4884",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-08T18:45:52.807031Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-08T18:46:15.013Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Checkmk",
"vendor": "Tribe29",
"versions": [
{
"lessThanOrEqual": "2.0.0p32",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.1.0p18",
"status": "affected",
"version": "2.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.6.0p30",
"status": "unaffected",
"version": "1.6.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Niko Wenselowski (SVA)"
}
],
"descriptions": [
{
"lang": "en",
"value": "Path-Traversal in MKP storing in Tribe29 Checkmk \u003c=2.0.0p32 and \u003c= 2.1.0p18 allows an administrator to write mkp files to arbitrary locations via a malicious mkp file."
}
],
"impacts": [
{
"capecId": "CAPEC-165",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-165 File Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-11T10:41:01.356Z",
"orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"shortName": "Tribe29"
},
"references": [
{
"url": "https://checkmk.com/werk/15065"
}
],
"title": "Path-Traversal in MKP storing"
}
},
"cveMetadata": {
"assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"assignerShortName": "Tribe29",
"cveId": "CVE-2022-4884",
"datePublished": "2023-01-09T16:11:16.227Z",
"dateReserved": "2023-01-09T12:41:19.246Z",
"dateUpdated": "2025-04-08T18:46:15.013Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-40905 (GCVE-0-2021-40905)
Vulnerability from cvelistv5
Published
2022-03-25 22:20
Modified
2024-08-04 02:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The web management console of CheckMK Enterprise Edition (versions 1.5.0 to 2.0.0p9) does not properly sanitise the uploading of ".mkp" files, which are Extension Packages, making remote code execution possible. Successful exploitation requires access to the web management interface, either with valid credentials or with a hijacked session of a user with administrator role. NOTE: the vendor states that this is the intended behavior: admins are supposed to be able to execute code in this manner
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:tribe29:checkmk:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "checkmk",
"vendor": "tribe29",
"versions": [
{
"lessThan": "2.0.0p9",
"status": "affected",
"version": "1.5.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-40905",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-18T14:50:40.204134Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-18T15:09:41.491Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:51:07.760Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://checkmk.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Edgarloyola/CVE-2021-40905"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The web management console of CheckMK Enterprise Edition (versions 1.5.0 to 2.0.0p9) does not properly sanitise the uploading of \".mkp\" files, which are Extension Packages, making remote code execution possible. Successful exploitation requires access to the web management interface, either with valid credentials or with a hijacked session of a user with administrator role. NOTE: the vendor states that this is the intended behavior: admins are supposed to be able to execute code in this manner"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-30T13:09:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://checkmk.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Edgarloyola/CVE-2021-40905"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-40905",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** The web management console of CheckMK Enterprise Edition (versions 1.5.0 to 2.0.0p9) does not properly sanitise the uploading of \".mkp\" files, which are Extension Packages, making remote code execution possible. Successful exploitation requires access to the web management interface, either with valid credentials or with a hijacked session of a user with administrator role. NOTE: the vendor states that this is the intended behavior: admins are supposed to be able to execute code in this manner."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://checkmk.com",
"refsource": "MISC",
"url": "http://checkmk.com"
},
{
"name": "https://github.com/Edgarloyola/CVE-2021-40905",
"refsource": "MISC",
"url": "https://github.com/Edgarloyola/CVE-2021-40905"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-40905",
"datePublished": "2022-03-25T22:20:01",
"dateReserved": "2021-09-13T00:00:00",
"dateUpdated": "2024-08-04T02:51:07.760Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-47909 (GCVE-0-2022-47909)
Vulnerability from cvelistv5
Published
2023-02-20 16:53
Modified
2024-08-03 15:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
Livestatus Query Language (LQL) injection in the AuthUser HTTP query header of Tribe29's Checkmk <= 2.1.0p11, Checkmk <= 2.0.0p28, and all versions of Checkmk 1.6.0 (EOL) allows an attacker to perform direct queries to the application's core from localhost.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:02:36.627Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://checkmk.com/werk/14384"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.sonarsource.com/blog/checkmk-rce-chain-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Checkmk",
"vendor": "Tribe29",
"versions": [
{
"lessThanOrEqual": "2.0.0p28",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.1.0p11",
"status": "affected",
"version": "2.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.6.0p30",
"status": "affected",
"version": "1.6.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Stefan Schiller (SonarSource)"
}
],
"descriptions": [
{
"lang": "en",
"value": "Livestatus Query Language (LQL) injection in the AuthUser HTTP query header of\u00a0Tribe29\u0027s Checkmk \u003c= 2.1.0p11, Checkmk \u003c= 2.0.0p28, and all versions of Checkmk 1.6.0 (EOL) allows an attacker to perform direct queries to the application\u0027s core from localhost."
}
],
"impacts": [
{
"capecId": "CAPEC-6",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-6 Argument Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T12:48:30.803Z",
"orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"shortName": "Checkmk"
},
"references": [
{
"url": "https://checkmk.com/werk/14384"
},
{
"url": "https://www.sonarsource.com/blog/checkmk-rce-chain-1/"
}
],
"title": "LQL Injection in Livestatus HTTP headers"
}
},
"cveMetadata": {
"assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"assignerShortName": "Tribe29",
"cveId": "CVE-2022-47909",
"datePublished": "2023-02-20T16:53:37.606Z",
"dateReserved": "2023-01-18T15:49:58.108Z",
"dateUpdated": "2024-08-03T15:02:36.627Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22348 (GCVE-0-2023-22348)
Vulnerability from cvelistv5
Published
2023-05-17 15:51
Modified
2025-01-22 16:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-285 - Improper Authorization
Summary
Improper Authorization in RestAPI in Checkmk GmbH's Checkmk versions <2.1.0p28 and <2.2.0b8 allows remote authenticated users to read arbitrary host_configs.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Checkmk GmbH | Checkmk |
Version: 2.2.0 ≤ Version: 2.1.0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:06.244Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://checkmk.com/werk/13982"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22348",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-22T16:47:28.652373Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-22T16:47:31.132Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Checkmk",
"vendor": "Checkmk GmbH",
"versions": [
{
"lessThan": "2.2.0b8",
"status": "affected",
"version": "2.2.0",
"versionType": "semver"
},
{
"lessThan": "2.1.0p28",
"status": "affected",
"version": "2.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Authorization in RestAPI in Checkmk GmbH\u0027s Checkmk versions \u003c2.1.0p28 and \u003c2.2.0b8 allows remote authenticated users to read arbitrary host_configs."
}
],
"impacts": [
{
"capecId": "CAPEC-54",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-54: Query System for Information"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285: Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-17T15:51:54.376Z",
"orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"shortName": "Tribe29"
},
"references": [
{
"url": "https://checkmk.com/werk/13982"
}
],
"title": "Reading host_configs does not honour contact groups"
}
},
"cveMetadata": {
"assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"assignerShortName": "Tribe29",
"cveId": "CVE-2023-22348",
"datePublished": "2023-05-17T15:51:54.376Z",
"dateReserved": "2023-01-18T15:32:06.534Z",
"dateUpdated": "2025-01-22T16:47:31.132Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2020 (GCVE-0-2023-2020)
Vulnerability from cvelistv5
Published
2023-04-18 11:09
Modified
2025-02-05 15:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-280 - Improper Handling of Insufficient Permissions or Privileges
Summary
Insufficient permission checks in the REST API in Tribe29 Checkmk <= 2.1.0p27 and <= 2.2.0b4 (beta) allow unauthorized users to schedule downtimes for any host.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:12:19.531Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://checkmk.com/werk/13981"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2020",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T15:48:04.310630Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T15:48:19.218Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Checkmk",
"vendor": "Tribe29",
"versions": [
{
"lessThanOrEqual": "2.2.0b4",
"status": "affected",
"version": "2.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.1.0p27",
"status": "affected",
"version": "2.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient permission checks in the REST API in Tribe29 Checkmk \u003c= 2.1.0p27 and \u003c= 2.2.0b4 (beta) allow unauthorized users to schedule downtimes for any host."
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122: Privilege Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-280",
"description": "CWE-280: Improper Handling of Insufficient Permissions or Privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-18T11:09:09.107Z",
"orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"shortName": "Tribe29"
},
"references": [
{
"url": "https://checkmk.com/werk/13981"
}
],
"title": "Unauthorized scheduling of downtimes via REST API"
}
},
"cveMetadata": {
"assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"assignerShortName": "Tribe29",
"cveId": "CVE-2023-2020",
"datePublished": "2023-04-18T11:09:09.107Z",
"dateReserved": "2023-04-13T08:38:39.338Z",
"dateUpdated": "2025-02-05T15:48:19.218Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31209 (GCVE-0-2023-31209)
Vulnerability from cvelistv5
Published
2023-08-10 08:14
Modified
2024-08-28 20:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
Improper neutralization of active check command arguments in Checkmk < 2.1.0p32, < 2.0.0p38, < 2.2.0p4 leads to arbitrary command execution for authenticated users.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Checkmk GmbH | Checkmk |
Version: 2.2.0 ≤ Version: 2.1.0 ≤ Version: 2.0.0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:53:30.688Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://checkmk.com/werk/15194"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31209",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-28T20:23:39.698795Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T20:24:16.728Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Checkmk",
"vendor": "Checkmk GmbH",
"versions": [
{
"lessThan": "2.2.0p4",
"status": "affected",
"version": "2.2.0",
"versionType": "semver"
},
{
"lessThan": "2.1.0p32",
"status": "affected",
"version": "2.1.0",
"versionType": "semver"
},
{
"lessThan": "2.0.0p38",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper neutralization of active check command arguments in Checkmk \u003c 2.1.0p32, \u003c 2.0.0p38, \u003c 2.2.0p4 leads to arbitrary command execution for authenticated users."
}
],
"impacts": [
{
"capecId": "CAPEC-6",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-6: Argument Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-26T09:47:02.416Z",
"orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"shortName": "Checkmk"
},
"references": [
{
"url": "https://checkmk.com/werk/15194"
}
],
"title": "Command injection via active checks and REST API"
}
},
"cveMetadata": {
"assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"assignerShortName": "Tribe29",
"cveId": "CVE-2023-31209",
"datePublished": "2023-08-10T08:14:12.067Z",
"dateReserved": "2023-04-25T08:49:15.443Z",
"dateUpdated": "2024-08-28T20:24:16.728Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-33912 (GCVE-0-2022-33912)
Vulnerability from cvelistv5
Published
2022-06-17 06:47
Modified
2024-08-03 08:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A permission issue affects users that deployed the shipped version of the Checkmk Debian package. Packages created by the agent bakery (enterprise editions only) were not affected. Using the shipped version of the agents, the maintainer scripts located at /var/lib/dpkg/info/ will be owned by the user and the group with ID 1001. If such a user exists on the system, they can change the content of these files (which are then executed by root). This leads to a local privilege escalation on the monitored host. Version 1.6 through 1.6.9p29, version 2.0 through 2.0.0p26, version 2.1 through 2.1.0p3, and version 2.2.0i1 are affected.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T08:09:22.698Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://checkmk.com/werk/14098"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A permission issue affects users that deployed the shipped version of the Checkmk Debian package. Packages created by the agent bakery (enterprise editions only) were not affected. Using the shipped version of the agents, the maintainer scripts located at /var/lib/dpkg/info/ will be owned by the user and the group with ID 1001. If such a user exists on the system, they can change the content of these files (which are then executed by root). This leads to a local privilege escalation on the monitored host. Version 1.6 through 1.6.9p29, version 2.0 through 2.0.0p26, version 2.1 through 2.1.0p3, and version 2.2.0i1 are affected."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-17T06:47:38",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://checkmk.com/werk/14098"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-33912",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A permission issue affects users that deployed the shipped version of the Checkmk Debian package. Packages created by the agent bakery (enterprise editions only) were not affected. Using the shipped version of the agents, the maintainer scripts located at /var/lib/dpkg/info/ will be owned by the user and the group with ID 1001. If such a user exists on the system, they can change the content of these files (which are then executed by root). This leads to a local privilege escalation on the monitored host. Version 1.6 through 1.6.9p29, version 2.0 through 2.0.0p26, version 2.1 through 2.1.0p3, and version 2.2.0i1 are affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://checkmk.com/werk/14098",
"refsource": "MISC",
"url": "https://checkmk.com/werk/14098"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-33912",
"datePublished": "2022-06-17T06:47:38",
"dateReserved": "2022-06-17T00:00:00",
"dateUpdated": "2024-08-03T08:09:22.698Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-46836 (GCVE-0-2022-46836)
Vulnerability from cvelistv5
Published
2023-02-20 16:52
Modified
2024-08-03 14:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
PHP code injection in watolib auth.php and hosttags.php in Tribe29's Checkmk <= 2.1.0p10, Checkmk <= 2.0.0p27, and Checkmk <= 1.6.0p29 allows an attacker to inject and execute PHP code which will be executed upon request of the vulnerable component.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:39:39.053Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://checkmk.com/werk/14383"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.sonarsource.com/blog/checkmk-rce-chain-3/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Checkmk",
"vendor": "Tribe29",
"versions": [
{
"lessThanOrEqual": "2.0.0p27",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.1.0p10",
"status": "affected",
"version": "2.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.6.0p29",
"status": "affected",
"version": "1.6.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Stefan Schiller (SonarSource)"
}
],
"descriptions": [
{
"lang": "en",
"value": "PHP code injection in watolib auth.php and hosttags.php in Tribe29\u0027s Checkmk \u003c= 2.1.0p10, Checkmk \u003c= 2.0.0p27, and Checkmk \u003c= 1.6.0p29 allows an attacker to inject and execute PHP code which will be executed upon request of the vulnerable component."
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T12:47:39.295Z",
"orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"shortName": "Checkmk"
},
"references": [
{
"url": "https://checkmk.com/werk/14383"
},
{
"url": "https://www.sonarsource.com/blog/checkmk-rce-chain-3/"
}
],
"title": "PHP code injection in watolib"
}
},
"cveMetadata": {
"assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"assignerShortName": "Tribe29",
"cveId": "CVE-2022-46836",
"datePublished": "2023-02-20T16:52:56.912Z",
"dateReserved": "2023-01-18T15:49:58.118Z",
"dateUpdated": "2024-08-03T14:39:39.053Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2023-04-18 19:15
Modified
2024-11-21 07:44
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Privilege escalation in Tribe29 Checkmk Appliance before 1.6.4 allows authenticated site users to escalate privileges via incorrectly set permissions.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@checkmk.com | https://checkmk.com/werk/9520 | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://checkmk.com/werk/9520 | Mitigation, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tribe29:checkmk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "741B2415-D163-4794-9769-C31EE1FCB7F2",
"versionEndExcluding": "1.6.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Privilege escalation in Tribe29 Checkmk Appliance before 1.6.4 allows authenticated site users to escalate privileges via incorrectly set permissions."
}
],
"id": "CVE-2023-22294",
"lastModified": "2024-11-21T07:44:28.370",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "security@checkmk.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-04-18T19:15:07.057",
"references": [
{
"source": "security@checkmk.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://checkmk.com/werk/9520"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://checkmk.com/werk/9520"
}
],
"sourceIdentifier": "security@checkmk.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "security@checkmk.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-17 13:15
Modified
2024-11-21 07:08
Severity ?
Summary
A permission issue affects users that deployed the shipped version of the Checkmk Debian package. Packages created by the agent bakery (enterprise editions only) were not affected. Using the shipped version of the agents, the maintainer scripts located at /var/lib/dpkg/info/ will be owned by the user and the group with ID 1001. If such a user exists on the system, they can change the content of these files (which are then executed by root). This leads to a local privilege escalation on the monitored host. Version 1.6 through 1.6.9p29, version 2.0 through 2.0.0p26, version 2.1 through 2.1.0p3, and version 2.2.0i1 are affected.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://checkmk.com/werk/14098 | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://checkmk.com/werk/14098 | Mitigation, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5D63367A-3B90-462E-B6AD-1CB5721FD45E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "E5E2E954-B3C3-4CC0-B2C8-0E2BEEC93016",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:b10:*:*:*:*:*:*",
"matchCriteriaId": "1638594A-84F1-44F6-BB30-D4CC73ECDA38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:b12:*:*:*:*:*:*",
"matchCriteriaId": "7B2757BF-E3B7-487A-8929-0208D3B0D3CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:b3:*:*:*:*:*:*",
"matchCriteriaId": "F01E79D2-EFA4-4A7E-A286-3E86F52B429D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:b4:*:*:*:*:*:*",
"matchCriteriaId": "D12A6070-0542-4293-AE13-85D4E81E1672",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:b5:*:*:*:*:*:*",
"matchCriteriaId": "6AF633FE-DE7C-4548-9ED2-880E915FC33C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:b9:*:*:*:*:*:*",
"matchCriteriaId": "F15190EF-E3F5-4AD1-B748-C0E63C8CB741",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "30F84B89-7EC6-44E6-A164-4C170379D55C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p10:*:*:*:*:*:*",
"matchCriteriaId": "DDA94D2F-F27C-4DF6-84AE-8ED1BBC7F61E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p11:*:*:*:*:*:*",
"matchCriteriaId": "71CF8EFD-17F6-4D9A-961A-4B949A6C8B61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p12:*:*:*:*:*:*",
"matchCriteriaId": "B04DC2A8-CF05-4FB2-AE2F-AE07943B998D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p13:*:*:*:*:*:*",
"matchCriteriaId": "1F3BECA6-983C-436E-A635-4E1FB9080E56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p14:*:*:*:*:*:*",
"matchCriteriaId": "51A9A2B4-3693-490A-94E2-64E1DB795646",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p15:*:*:*:*:*:*",
"matchCriteriaId": "C14AB385-8A9F-46FA-A1C5-4A4A45C1B7F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p16:*:*:*:*:*:*",
"matchCriteriaId": "EC41CC5F-F088-4E65-B076-35665F0F6C7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p19:*:*:*:*:*:*",
"matchCriteriaId": "EC636B76-B050-4B73-A524-21862B020797",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p2:*:*:*:*:*:*",
"matchCriteriaId": "D49B1D63-8FDD-45FD-99F0-AA9E4FBCCB00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p20:*:*:*:*:*:*",
"matchCriteriaId": "8AFA4AF4-8395-4BBB-BA78-7116AC1DCDE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p21:*:*:*:*:*:*",
"matchCriteriaId": "5565C1C5-5C23-4449-AB87-49A304382387",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p22:*:*:*:*:*:*",
"matchCriteriaId": "78320525-F346-4419-81E3-4A47BD17C808",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p23:*:*:*:*:*:*",
"matchCriteriaId": "EA91018D-DA38-4026-9F47-383F16C85031",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p24:*:*:*:*:*:*",
"matchCriteriaId": "E8DBEF67-A9AE-46D5-89D0-076CDB1AA06A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p25:*:*:*:*:*:*",
"matchCriteriaId": "63E87316-1CB2-4CF4-B379-4284C8C39053",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p26:*:*:*:*:*:*",
"matchCriteriaId": "75925C19-FBF4-4908-B8AD-E19E13B665DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p27:*:*:*:*:*:*",
"matchCriteriaId": "66FC7193-674F-42AA-8064-93786B5474C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p28:*:*:*:*:*:*",
"matchCriteriaId": "94BBC4B2-8AE6-4CCC-B194-5A4F9335AA84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p29:*:*:*:*:*:*",
"matchCriteriaId": "438E3BD0-93B3-4687-9E85-A08A5545FEB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F8EDFDCA-0778-4540-B1D5-D3A986258028",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "54031390-D7E7-4A14-AA2F-923768B3685F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b2:*:*:*:*:*:*",
"matchCriteriaId": "F1B7E35F-5A07-424E-AA09-AC54104D612B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b3:*:*:*:*:*:*",
"matchCriteriaId": "8D4AC302-C8F5-4A2B-A73A-982D0AA2495A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b4:*:*:*:*:*:*",
"matchCriteriaId": "7A058C71-C39E-4109-B570-4A061013D033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b5:*:*:*:*:*:*",
"matchCriteriaId": "22BCFA79-B3D6-4FFF-A3D3-8C4C97AF17C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b6:*:*:*:*:*:*",
"matchCriteriaId": "2A1703D9-8EEB-432D-90E2-F847CDC4C204",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b7:*:*:*:*:*:*",
"matchCriteriaId": "1A4C72BA-6D78-4911-83E4-4DABB2CAC47F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b8:*:*:*:*:*:*",
"matchCriteriaId": "081FD127-1066-4019-B521-9FADB85DBD4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "357240B1-F0DA-4FA8-B782-D998951F4B54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p10:*:*:*:*:*:*",
"matchCriteriaId": "2F828F54-04E2-4B98-91A7-B09ED833E88B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p11:*:*:*:*:*:*",
"matchCriteriaId": "A4B8B300-8264-40AB-A839-7EACB988163B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p12:*:*:*:*:*:*",
"matchCriteriaId": "EB76A8DF-C870-482F-A488-DB2917ABD971",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p13:*:*:*:*:*:*",
"matchCriteriaId": "04947B1B-CF67-4C11-8FE3-6C17FD35E2EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p14:*:*:*:*:*:*",
"matchCriteriaId": "591AEC3C-2F48-4E91-9881-42EEDD039C5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p15:*:*:*:*:*:*",
"matchCriteriaId": "C5CA04C8-2C80-4C7E-B329-3FFCBEDEE663",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p16:*:*:*:*:*:*",
"matchCriteriaId": "47A1C5AC-C8B7-495A-A5F4-CD4790358A2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p17:*:*:*:*:*:*",
"matchCriteriaId": "B87D8B46-5B04-460D-BBA1-BB19234DA19D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p18:*:*:*:*:*:*",
"matchCriteriaId": "C59EA30A-0B7D-4E58-A503-8C2F16B45004",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p19:*:*:*:*:*:*",
"matchCriteriaId": "F2849E4C-09D1-48A5-B28E-F7A4CD3E8967",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p2:*:*:*:*:*:*",
"matchCriteriaId": "F1E5549E-3272-478D-85D0-6F53EE731183",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p20:*:*:*:*:*:*",
"matchCriteriaId": "CD0EA35B-EBFF-4E6F-BD2E-4BE165E81A3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p21:*:*:*:*:*:*",
"matchCriteriaId": "3F2C76F2-D457-4C7C-BE76-515CA45CA161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p22:*:*:*:*:*:*",
"matchCriteriaId": "0E5A374E-56C5-4EBA-967C-CDFE6A967DFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p23:*:*:*:*:*:*",
"matchCriteriaId": "7D4568F0-8CCD-4517-B4E9-7E2CA228D659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p24:*:*:*:*:*:*",
"matchCriteriaId": "96893FF5-B85E-45AF-9020-5D767E954D6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p25:*:*:*:*:*:*",
"matchCriteriaId": "425ABB56-3A2E-40E3-9701-E638F16E6ADD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p26:*:*:*:*:*:*",
"matchCriteriaId": "9EEF6054-B3B5-4AAC-B24B-147A38564992",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "1E6FCE7B-7ECE-42A4-82C5-12A647B0CCC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b2:*:*:*:*:*:*",
"matchCriteriaId": "923AA113-D5E7-4F78-88BA-B72EF250F3EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b3:*:*:*:*:*:*",
"matchCriteriaId": "B1984F57-A313-48AC-B8F9-F352D82824D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b4:*:*:*:*:*:*",
"matchCriteriaId": "A38DB527-72A6-40B8-B46F-B8E78BFFDB1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b5:*:*:*:*:*:*",
"matchCriteriaId": "67643E11-91A1-4580-BC4C-574074C862CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b6:*:*:*:*:*:*",
"matchCriteriaId": "350B7E0F-D234-4D7C-91E4-F35E73579A24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b7:*:*:*:*:*:*",
"matchCriteriaId": "DE58ACA9-8078-46A7-8487-C06E4E38F372",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b8:*:*:*:*:*:*",
"matchCriteriaId": "B3D8CF4D-E1F8-4D8D-A8A9-1783CAC869E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b9:*:*:*:*:*:*",
"matchCriteriaId": "58B0B051-7D3C-4EC7-96B0-38A1CC108D61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "B783A741-AAF2-43EE-8272-9239133A01E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p2:*:*:*:*:*:*",
"matchCriteriaId": "4DA8F776-A724-48FC-B7EF-13788BC69753",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p3:*:*:*:*:*:*",
"matchCriteriaId": "076463AA-195F-4CD6-861B-72FE1C8A407F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:i1:*:*:*:*:*:*",
"matchCriteriaId": "4F0B99A8-A124-43BD-B8AA-EECC9112346F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0b10:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE29788-9815-47C5-88CC-039E82348482",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0b11:*:*:*:*:*:*:*",
"matchCriteriaId": "AF943CDA-131A-4951-9281-C0F7711C511B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A permission issue affects users that deployed the shipped version of the Checkmk Debian package. Packages created by the agent bakery (enterprise editions only) were not affected. Using the shipped version of the agents, the maintainer scripts located at /var/lib/dpkg/info/ will be owned by the user and the group with ID 1001. If such a user exists on the system, they can change the content of these files (which are then executed by root). This leads to a local privilege escalation on the monitored host. Version 1.6 through 1.6.9p29, version 2.0 through 2.0.0p26, version 2.1 through 2.1.0p3, and version 2.2.0i1 are affected."
},
{
"lang": "es",
"value": "Un problema de permisos afecta a los usuarios que desplegaron la versi\u00f3n enviada del paquete Checkmk de Debian. Los paquetes creados por la panader\u00eda de agentes (s\u00f3lo ediciones empresariales) no estuvieron afectados. usando la versi\u00f3n enviada de los agentes, los scripts de mantenimiento ubicados en /var/lib/dpkg/info/ ser\u00e1n propiedad del usuario y del grupo con ID 1001. Si dicho usuario se presenta en el sistema, puede cambiar el contenido de estos archivos (que luego son ejecutados por root). Esto conlleva a una escalada de privilegios local en el host monitorizado. Est\u00e1n afectadas las versiones 1.6 a 1.6.9p29, 2.0 a 2.0p26, 2.1 a 2.1.0p3 y 2.2.0i1"
}
],
"id": "CVE-2022-33912",
"lastModified": "2024-11-21T07:08:35.483",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-17T13:15:16.937",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://checkmk.com/werk/14098"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://checkmk.com/werk/14098"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-20 16:15
Modified
2024-11-21 07:44
Severity ?
4.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
HTML Email Injection in Tribe29 Checkmk <=2.1.0p23; <=2.0.0p34, and all versions of Checkmk 1.6.0 allows an authenticated attacker to inject malicious HTML into Emails
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@checkmk.com | https://checkmk.com/werk/15069 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://checkmk.com/werk/15069 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F8EDFDCA-0778-4540-B1D5-D3A986258028",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "54031390-D7E7-4A14-AA2F-923768B3685F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b2:*:*:*:*:*:*",
"matchCriteriaId": "F1B7E35F-5A07-424E-AA09-AC54104D612B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b3:*:*:*:*:*:*",
"matchCriteriaId": "8D4AC302-C8F5-4A2B-A73A-982D0AA2495A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b4:*:*:*:*:*:*",
"matchCriteriaId": "7A058C71-C39E-4109-B570-4A061013D033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b5:*:*:*:*:*:*",
"matchCriteriaId": "22BCFA79-B3D6-4FFF-A3D3-8C4C97AF17C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b6:*:*:*:*:*:*",
"matchCriteriaId": "2A1703D9-8EEB-432D-90E2-F847CDC4C204",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b7:*:*:*:*:*:*",
"matchCriteriaId": "1A4C72BA-6D78-4911-83E4-4DABB2CAC47F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b8:*:*:*:*:*:*",
"matchCriteriaId": "081FD127-1066-4019-B521-9FADB85DBD4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:i1:*:*:*:*:*:*",
"matchCriteriaId": "C1A4F005-4823-4B2B-B4EF-4EFDB04CFB9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "357240B1-F0DA-4FA8-B782-D998951F4B54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p10:*:*:*:*:*:*",
"matchCriteriaId": "2F828F54-04E2-4B98-91A7-B09ED833E88B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p11:*:*:*:*:*:*",
"matchCriteriaId": "A4B8B300-8264-40AB-A839-7EACB988163B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p12:*:*:*:*:*:*",
"matchCriteriaId": "EB76A8DF-C870-482F-A488-DB2917ABD971",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p13:*:*:*:*:*:*",
"matchCriteriaId": "04947B1B-CF67-4C11-8FE3-6C17FD35E2EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p14:*:*:*:*:*:*",
"matchCriteriaId": "591AEC3C-2F48-4E91-9881-42EEDD039C5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p15:*:*:*:*:*:*",
"matchCriteriaId": "C5CA04C8-2C80-4C7E-B329-3FFCBEDEE663",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p16:*:*:*:*:*:*",
"matchCriteriaId": "47A1C5AC-C8B7-495A-A5F4-CD4790358A2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p17:*:*:*:*:*:*",
"matchCriteriaId": "B87D8B46-5B04-460D-BBA1-BB19234DA19D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p18:*:*:*:*:*:*",
"matchCriteriaId": "C59EA30A-0B7D-4E58-A503-8C2F16B45004",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p19:*:*:*:*:*:*",
"matchCriteriaId": "F2849E4C-09D1-48A5-B28E-F7A4CD3E8967",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p2:*:*:*:*:*:*",
"matchCriteriaId": "F1E5549E-3272-478D-85D0-6F53EE731183",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p20:*:*:*:*:*:*",
"matchCriteriaId": "CD0EA35B-EBFF-4E6F-BD2E-4BE165E81A3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p21:*:*:*:*:*:*",
"matchCriteriaId": "3F2C76F2-D457-4C7C-BE76-515CA45CA161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p22:*:*:*:*:*:*",
"matchCriteriaId": "0E5A374E-56C5-4EBA-967C-CDFE6A967DFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p23:*:*:*:*:*:*",
"matchCriteriaId": "7D4568F0-8CCD-4517-B4E9-7E2CA228D659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p24:*:*:*:*:*:*",
"matchCriteriaId": "96893FF5-B85E-45AF-9020-5D767E954D6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p25:*:*:*:*:*:*",
"matchCriteriaId": "425ABB56-3A2E-40E3-9701-E638F16E6ADD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p26:*:*:*:*:*:*",
"matchCriteriaId": "9EEF6054-B3B5-4AAC-B24B-147A38564992",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p27:*:*:*:*:*:*",
"matchCriteriaId": "462C2826-237E-4061-8F14-3DE09CE9952C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p28:*:*:*:*:*:*",
"matchCriteriaId": "8DE8F008-1FC0-416C-B0D4-5A560CF985F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p29:*:*:*:*:*:*",
"matchCriteriaId": "53AA0AB2-E814-4378-9486-D9192293C1DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p3:*:*:*:*:*:*",
"matchCriteriaId": "D884D3AF-7D57-4DF6-82E8-556C35319ED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p30:*:*:*:*:*:*",
"matchCriteriaId": "2F6A123B-D6D3-4C46-9595-4D8138FC31C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p31:*:*:*:*:*:*",
"matchCriteriaId": "4245029F-D95D-4364-BB29-8C60F5461070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p32:*:*:*:*:*:*",
"matchCriteriaId": "C67473D2-A96B-4ACD-B248-A0AF2E3C9738",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p33:*:*:*:*:*:*",
"matchCriteriaId": "B22FDFE4-844F-449B-88D7-E7EDC92EC752",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p34:*:*:*:*:*:*",
"matchCriteriaId": "01D13D8E-61F2-406C-8EE5-FDDD9BDCCF71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p4:*:*:*:*:*:*",
"matchCriteriaId": "528BAFA3-ED39-45B5-8C81-A6FD76DDB49B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p5:*:*:*:*:*:*",
"matchCriteriaId": "02DA7C50-7360-4679-93A5-92C8DC5E8E46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p6:*:*:*:*:*:*",
"matchCriteriaId": "71B49D90-9522-46C6-8948-B9C21CEA473C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p7:*:*:*:*:*:*",
"matchCriteriaId": "98C29296-D1F3-45A2-BF0A-22333150F416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p8:*:*:*:*:*:*",
"matchCriteriaId": "339226E6-532F-4FE2-A543-6B166A9BA7F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p9:*:*:*:*:*:*",
"matchCriteriaId": "986FDFA6-BE12-4268-9B90-F7D469BBE517",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "1AE224D8-742B-4D1F-ABBE-3DDA3EA5C5AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "1E6FCE7B-7ECE-42A4-82C5-12A647B0CCC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b2:*:*:*:*:*:*",
"matchCriteriaId": "923AA113-D5E7-4F78-88BA-B72EF250F3EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b3:*:*:*:*:*:*",
"matchCriteriaId": "B1984F57-A313-48AC-B8F9-F352D82824D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b4:*:*:*:*:*:*",
"matchCriteriaId": "A38DB527-72A6-40B8-B46F-B8E78BFFDB1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b5:*:*:*:*:*:*",
"matchCriteriaId": "67643E11-91A1-4580-BC4C-574074C862CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b6:*:*:*:*:*:*",
"matchCriteriaId": "350B7E0F-D234-4D7C-91E4-F35E73579A24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b7:*:*:*:*:*:*",
"matchCriteriaId": "DE58ACA9-8078-46A7-8487-C06E4E38F372",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b8:*:*:*:*:*:*",
"matchCriteriaId": "B3D8CF4D-E1F8-4D8D-A8A9-1783CAC869E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b9:*:*:*:*:*:*",
"matchCriteriaId": "58B0B051-7D3C-4EC7-96B0-38A1CC108D61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "B783A741-AAF2-43EE-8272-9239133A01E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p10:*:*:*:*:*:*",
"matchCriteriaId": "A5F275A3-A99E-40E1-BD77-694FA568541F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p11:*:*:*:*:*:*",
"matchCriteriaId": "3A44BF1A-5BE0-4412-B51D-055445758B61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p12:*:*:*:*:*:*",
"matchCriteriaId": "A31BAE94-9096-4320-AC19-AA204E8EC08D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p13:*:*:*:*:*:*",
"matchCriteriaId": "1B0784EA-98E8-4490-B97B-894F188A223D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p14:*:*:*:*:*:*",
"matchCriteriaId": "A56A901F-1040-4DB9-9BE3-FE1999C514CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p15:*:*:*:*:*:*",
"matchCriteriaId": "58A904FC-C015-469D-8502-E678D5FDBD06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p16:*:*:*:*:*:*",
"matchCriteriaId": "1B5D109C-60AA-4FA4-9B10-2191AAF109F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p17:*:*:*:*:*:*",
"matchCriteriaId": "37297866-24BB-4044-8744-EC0A8C29F152",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p18:*:*:*:*:*:*",
"matchCriteriaId": "F9D4A171-CCB3-43B8-8B70-78610423E7C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p2:*:*:*:*:*:*",
"matchCriteriaId": "4DA8F776-A724-48FC-B7EF-13788BC69753",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p20:*:*:*:*:*:*",
"matchCriteriaId": "46F42A22-99F2-4DF5-9B00-3123396F87AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p21:*:*:*:*:*:*",
"matchCriteriaId": "1C59D4D3-D526-4E6B-B3AA-FE485D030190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p22:*:*:*:*:*:*",
"matchCriteriaId": "65E5CAE6-DC8B-47B3-84A0-D79B0C33EB45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p23:*:*:*:*:*:*",
"matchCriteriaId": "8B9E0D89-79E2-476A-8A3E-8443316BC310",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p3:*:*:*:*:*:*",
"matchCriteriaId": "076463AA-195F-4CD6-861B-72FE1C8A407F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p4:*:*:*:*:*:*",
"matchCriteriaId": "63043834-98E5-47C2-91F1-41B98270ABCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p5:*:*:*:*:*:*",
"matchCriteriaId": "FCF745D0-2EA6-4414-90BC-99D3ED08BB01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p6:*:*:*:*:*:*",
"matchCriteriaId": "4823087F-D7FA-4594-8FD3-412DE5EA1F02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p7:*:*:*:*:*:*",
"matchCriteriaId": "6429F9CE-D477-4CFF-B6E0-4BF11B61ED0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p8:*:*:*:*:*:*",
"matchCriteriaId": "A50C58F9-94ED-4D85-8331-2D81F8E0760A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p9:*:*:*:*:*:*",
"matchCriteriaId": "9A6AC0BD-FB65-4FAA-B344-66F87F16F8B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E68DD82-AF90-4D24-B507-833541B762AC",
"versionEndExcluding": "2.0.0",
"versionStartIncluding": "1.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HTML Email Injection in Tribe29 Checkmk \u003c=2.1.0p23; \u003c=2.0.0p34, and all versions of Checkmk 1.6.0 allows an authenticated attacker to inject malicious HTML into Emails"
}
],
"id": "CVE-2023-22288",
"lastModified": "2024-11-21T07:44:27.717",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 1.4,
"source": "security@checkmk.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-20T16:15:13.120",
"references": [
{
"source": "security@checkmk.com",
"tags": [
"Vendor Advisory"
],
"url": "https://checkmk.com/werk/15069"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://checkmk.com/werk/15069"
}
],
"sourceIdentifier": "security@checkmk.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-138"
}
],
"source": "security@checkmk.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-01-12 08:15
Modified
2024-11-21 08:01
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
Insufficient authentication flow in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows attacker to use locked credentials
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@checkmk.com | https://checkmk.com/werk/16227 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://checkmk.com/werk/16227 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "54031390-D7E7-4A14-AA2F-923768B3685F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b2:*:*:*:*:*:*",
"matchCriteriaId": "F1B7E35F-5A07-424E-AA09-AC54104D612B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b3:*:*:*:*:*:*",
"matchCriteriaId": "8D4AC302-C8F5-4A2B-A73A-982D0AA2495A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b4:*:*:*:*:*:*",
"matchCriteriaId": "7A058C71-C39E-4109-B570-4A061013D033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b5:*:*:*:*:*:*",
"matchCriteriaId": "22BCFA79-B3D6-4FFF-A3D3-8C4C97AF17C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b6:*:*:*:*:*:*",
"matchCriteriaId": "2A1703D9-8EEB-432D-90E2-F847CDC4C204",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b7:*:*:*:*:*:*",
"matchCriteriaId": "1A4C72BA-6D78-4911-83E4-4DABB2CAC47F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b8:*:*:*:*:*:*",
"matchCriteriaId": "081FD127-1066-4019-B521-9FADB85DBD4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:i1:*:*:*:*:*:*",
"matchCriteriaId": "C1A4F005-4823-4B2B-B4EF-4EFDB04CFB9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "357240B1-F0DA-4FA8-B782-D998951F4B54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p10:*:*:*:*:*:*",
"matchCriteriaId": "2F828F54-04E2-4B98-91A7-B09ED833E88B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p11:*:*:*:*:*:*",
"matchCriteriaId": "A4B8B300-8264-40AB-A839-7EACB988163B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p12:*:*:*:*:*:*",
"matchCriteriaId": "EB76A8DF-C870-482F-A488-DB2917ABD971",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p13:*:*:*:*:*:*",
"matchCriteriaId": "04947B1B-CF67-4C11-8FE3-6C17FD35E2EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p14:*:*:*:*:*:*",
"matchCriteriaId": "591AEC3C-2F48-4E91-9881-42EEDD039C5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p15:*:*:*:*:*:*",
"matchCriteriaId": "C5CA04C8-2C80-4C7E-B329-3FFCBEDEE663",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p16:*:*:*:*:*:*",
"matchCriteriaId": "47A1C5AC-C8B7-495A-A5F4-CD4790358A2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p17:*:*:*:*:*:*",
"matchCriteriaId": "B87D8B46-5B04-460D-BBA1-BB19234DA19D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p18:*:*:*:*:*:*",
"matchCriteriaId": "C59EA30A-0B7D-4E58-A503-8C2F16B45004",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p19:*:*:*:*:*:*",
"matchCriteriaId": "F2849E4C-09D1-48A5-B28E-F7A4CD3E8967",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p2:*:*:*:*:*:*",
"matchCriteriaId": "F1E5549E-3272-478D-85D0-6F53EE731183",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p20:*:*:*:*:*:*",
"matchCriteriaId": "CD0EA35B-EBFF-4E6F-BD2E-4BE165E81A3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p21:*:*:*:*:*:*",
"matchCriteriaId": "3F2C76F2-D457-4C7C-BE76-515CA45CA161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p22:*:*:*:*:*:*",
"matchCriteriaId": "0E5A374E-56C5-4EBA-967C-CDFE6A967DFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p23:*:*:*:*:*:*",
"matchCriteriaId": "7D4568F0-8CCD-4517-B4E9-7E2CA228D659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p24:*:*:*:*:*:*",
"matchCriteriaId": "96893FF5-B85E-45AF-9020-5D767E954D6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p25:*:*:*:*:*:*",
"matchCriteriaId": "425ABB56-3A2E-40E3-9701-E638F16E6ADD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p26:*:*:*:*:*:*",
"matchCriteriaId": "9EEF6054-B3B5-4AAC-B24B-147A38564992",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p27:*:*:*:*:*:*",
"matchCriteriaId": "462C2826-237E-4061-8F14-3DE09CE9952C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p28:*:*:*:*:*:*",
"matchCriteriaId": "8DE8F008-1FC0-416C-B0D4-5A560CF985F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p29:*:*:*:*:*:*",
"matchCriteriaId": "53AA0AB2-E814-4378-9486-D9192293C1DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p3:*:*:*:*:*:*",
"matchCriteriaId": "D884D3AF-7D57-4DF6-82E8-556C35319ED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p30:*:*:*:*:*:*",
"matchCriteriaId": "2F6A123B-D6D3-4C46-9595-4D8138FC31C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p31:*:*:*:*:*:*",
"matchCriteriaId": "4245029F-D95D-4364-BB29-8C60F5461070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p32:*:*:*:*:*:*",
"matchCriteriaId": "C67473D2-A96B-4ACD-B248-A0AF2E3C9738",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p33:*:*:*:*:*:*",
"matchCriteriaId": "B22FDFE4-844F-449B-88D7-E7EDC92EC752",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p34:*:*:*:*:*:*",
"matchCriteriaId": "01D13D8E-61F2-406C-8EE5-FDDD9BDCCF71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p35:*:*:*:*:*:*",
"matchCriteriaId": "CA0DCBEB-CAED-4A39-B700-64311E7742DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p36:*:*:*:*:*:*",
"matchCriteriaId": "0D8C138E-C8C2-46F7-A1D6-D33562FB86BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p37:*:*:*:*:*:*",
"matchCriteriaId": "D4BE7A6A-C3BB-405A-8757-E60E2F611ACD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p38:*:*:*:*:*:*",
"matchCriteriaId": "1D7BC614-16F2-4F7D-9824-C5DDE540072B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p4:*:*:*:*:*:*",
"matchCriteriaId": "528BAFA3-ED39-45B5-8C81-A6FD76DDB49B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p5:*:*:*:*:*:*",
"matchCriteriaId": "02DA7C50-7360-4679-93A5-92C8DC5E8E46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p6:*:*:*:*:*:*",
"matchCriteriaId": "71B49D90-9522-46C6-8948-B9C21CEA473C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p7:*:*:*:*:*:*",
"matchCriteriaId": "98C29296-D1F3-45A2-BF0A-22333150F416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p8:*:*:*:*:*:*",
"matchCriteriaId": "339226E6-532F-4FE2-A543-6B166A9BA7F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p9:*:*:*:*:*:*",
"matchCriteriaId": "986FDFA6-BE12-4268-9B90-F7D469BBE517",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "1AE224D8-742B-4D1F-ABBE-3DDA3EA5C5AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "1E6FCE7B-7ECE-42A4-82C5-12A647B0CCC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b2:*:*:*:*:*:*",
"matchCriteriaId": "923AA113-D5E7-4F78-88BA-B72EF250F3EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b3:*:*:*:*:*:*",
"matchCriteriaId": "B1984F57-A313-48AC-B8F9-F352D82824D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b4:*:*:*:*:*:*",
"matchCriteriaId": "A38DB527-72A6-40B8-B46F-B8E78BFFDB1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b5:*:*:*:*:*:*",
"matchCriteriaId": "67643E11-91A1-4580-BC4C-574074C862CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b6:*:*:*:*:*:*",
"matchCriteriaId": "350B7E0F-D234-4D7C-91E4-F35E73579A24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b7:*:*:*:*:*:*",
"matchCriteriaId": "DE58ACA9-8078-46A7-8487-C06E4E38F372",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b8:*:*:*:*:*:*",
"matchCriteriaId": "B3D8CF4D-E1F8-4D8D-A8A9-1783CAC869E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b9:*:*:*:*:*:*",
"matchCriteriaId": "58B0B051-7D3C-4EC7-96B0-38A1CC108D61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "B783A741-AAF2-43EE-8272-9239133A01E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p10:*:*:*:*:*:*",
"matchCriteriaId": "A5F275A3-A99E-40E1-BD77-694FA568541F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p11:*:*:*:*:*:*",
"matchCriteriaId": "3A44BF1A-5BE0-4412-B51D-055445758B61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p12:*:*:*:*:*:*",
"matchCriteriaId": "A31BAE94-9096-4320-AC19-AA204E8EC08D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p13:*:*:*:*:*:*",
"matchCriteriaId": "1B0784EA-98E8-4490-B97B-894F188A223D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p14:*:*:*:*:*:*",
"matchCriteriaId": "A56A901F-1040-4DB9-9BE3-FE1999C514CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p15:*:*:*:*:*:*",
"matchCriteriaId": "58A904FC-C015-469D-8502-E678D5FDBD06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p16:*:*:*:*:*:*",
"matchCriteriaId": "1B5D109C-60AA-4FA4-9B10-2191AAF109F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p17:*:*:*:*:*:*",
"matchCriteriaId": "37297866-24BB-4044-8744-EC0A8C29F152",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p18:*:*:*:*:*:*",
"matchCriteriaId": "F9D4A171-CCB3-43B8-8B70-78610423E7C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p19:*:*:*:*:*:*",
"matchCriteriaId": "5E1145FF-426D-407C-9F4B-EF773BD191EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p2:*:*:*:*:*:*",
"matchCriteriaId": "4DA8F776-A724-48FC-B7EF-13788BC69753",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p20:*:*:*:*:*:*",
"matchCriteriaId": "46F42A22-99F2-4DF5-9B00-3123396F87AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p21:*:*:*:*:*:*",
"matchCriteriaId": "1C59D4D3-D526-4E6B-B3AA-FE485D030190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p22:*:*:*:*:*:*",
"matchCriteriaId": "65E5CAE6-DC8B-47B3-84A0-D79B0C33EB45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p23:*:*:*:*:*:*",
"matchCriteriaId": "8B9E0D89-79E2-476A-8A3E-8443316BC310",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p24:*:*:*:*:*:*",
"matchCriteriaId": "38EA0591-C30B-4102-8A06-1B922FD3A0C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p25:*:*:*:*:*:*",
"matchCriteriaId": "5E9AF0D3-8DD6-4EC7-BB33-54401D4025FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p26:*:*:*:*:*:*",
"matchCriteriaId": "983604CC-DD2C-42A9-8B9D-A9A261CE8BA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p27:*:*:*:*:*:*",
"matchCriteriaId": "224960F7-695C-415B-B991-E8C01859AA80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p28:*:*:*:*:*:*",
"matchCriteriaId": "1F6D86E4-738B-4ADA-858E-C12CCED9FAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p29:*:*:*:*:*:*",
"matchCriteriaId": "BD8EBF09-9B70-4972-85B1-82F41488BE3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p3:*:*:*:*:*:*",
"matchCriteriaId": "076463AA-195F-4CD6-861B-72FE1C8A407F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p30:*:*:*:*:*:*",
"matchCriteriaId": "009D2C7B-39B8-400F-80A5-06D56319232C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p31:*:*:*:*:*:*",
"matchCriteriaId": "3D5AEB8D-772E-401F-975C-61BDD30B481E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p32:*:*:*:*:*:*",
"matchCriteriaId": "2ECAB6C5-518C-4CA4-8B2B-D51115612A8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p33:*:*:*:*:*:*",
"matchCriteriaId": "FECC252C-02AA-41EC-BB84-5C1A6BC0FB8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p34:*:*:*:*:*:*",
"matchCriteriaId": "238324F5-7225-40DD-82E8-52F30F0D3776",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p35:*:*:*:*:*:*",
"matchCriteriaId": "4F3C9510-BD43-4F67-9C30-4F82B5D230E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p36:*:*:*:*:*:*",
"matchCriteriaId": "51941654-F6FF-4323-AECA-5D1D84308CD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p37:*:*:*:*:*:*",
"matchCriteriaId": "6E800133-1D28-41D1-8D73-9437D741F83B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p4:*:*:*:*:*:*",
"matchCriteriaId": "63043834-98E5-47C2-91F1-41B98270ABCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p5:*:*:*:*:*:*",
"matchCriteriaId": "FCF745D0-2EA6-4414-90BC-99D3ED08BB01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p6:*:*:*:*:*:*",
"matchCriteriaId": "4823087F-D7FA-4594-8FD3-412DE5EA1F02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p7:*:*:*:*:*:*",
"matchCriteriaId": "6429F9CE-D477-4CFF-B6E0-4BF11B61ED0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p8:*:*:*:*:*:*",
"matchCriteriaId": "A50C58F9-94ED-4D85-8331-2D81F8E0760A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p9:*:*:*:*:*:*",
"matchCriteriaId": "9A6AC0BD-FB65-4FAA-B344-66F87F16F8B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:-:*:*:*:*:*:*",
"matchCriteriaId": "C66704F1-0B5E-4B43-8748-987022F378F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "B068974F-6F67-4CBB-B567-FCED86E28F22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b2:*:*:*:*:*:*",
"matchCriteriaId": "EA70F36A-EEF6-48DC-B15E-055D0DE8A052",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b3:*:*:*:*:*:*",
"matchCriteriaId": "B2017F38-38DB-4E96-B34F-160BC731CBBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b4:*:*:*:*:*:*",
"matchCriteriaId": "0949F399-371B-409C-AF9F-32690D881440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b5:*:*:*:*:*:*",
"matchCriteriaId": "42E1E31A-B5CC-45F2-A2E5-3EEF735499BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b6:*:*:*:*:*:*",
"matchCriteriaId": "4B364FCA-500C-458E-B997-82CD0B1D24F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b7:*:*:*:*:*:*",
"matchCriteriaId": "0B32E657-917B-482B-B6A4-3D3746992A4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b8:*:*:*:*:*:*",
"matchCriteriaId": "2119C732-E024-4DA6-8E47-9E08E5E12602",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:i1:*:*:*:*:*:*",
"matchCriteriaId": "4F0B99A8-A124-43BD-B8AA-EECC9112346F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "3FB7221E-BE9F-4529-8E07-8AD547FA3208",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p10:*:*:*:*:*:*",
"matchCriteriaId": "30A074AD-9499-46E3-AB67-D6CEE3AA01C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p11:*:*:*:*:*:*",
"matchCriteriaId": "A8BD0240-A22B-4273-BD47-C35A8C12E127",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p12:*:*:*:*:*:*",
"matchCriteriaId": "DAA5680F-1DD0-48AA-BB7F-15B27365F0FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p13:*:*:*:*:*:*",
"matchCriteriaId": "BC2F31CA-D4EB-44E6-9A09-5255D33F4A88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p14:*:*:*:*:*:*",
"matchCriteriaId": "CD80BD69-20C6-4E17-B165-98689179A5A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p15:*:*:*:*:*:*",
"matchCriteriaId": "B044D43B-0233-4A0D-A356-B9F9324E2777",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p16:*:*:*:*:*:*",
"matchCriteriaId": "7DE79896-EBE5-42F2-A126-2A871BBA1071",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p17:*:*:*:*:*:*",
"matchCriteriaId": "51A44E69-EEA1-4B01-B7B3-5BF7B39819E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p2:*:*:*:*:*:*",
"matchCriteriaId": "7BCEB6FF-668F-4313-9264-0BF021AFC45F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p3:*:*:*:*:*:*",
"matchCriteriaId": "E2342E2D-58B0-43E7-8C01-DF4678520F39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p4:*:*:*:*:*:*",
"matchCriteriaId": "1871B646-CA69-477F-B113-B901AC7B3934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p5:*:*:*:*:*:*",
"matchCriteriaId": "EEC65A72-CAE1-4E28-83EF-7ECAFE921BB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8AF09C00-1AEF-4502-8C7B-3B68F2C35D34",
"versionEndIncluding": "2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insufficient authentication flow in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows attacker to use locked credentials"
},
{
"lang": "es",
"value": "El flujo de autenticaci\u00f3n insuficiente en Checkmk anterior a 2.2.0p17, 2.1.0p37 y 2.0.0p39 permite al atacante utilizar credenciales bloqueadas"
}
],
"id": "CVE-2023-31211",
"lastModified": "2024-11-21T08:01:37.957",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "security@checkmk.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-01-12T08:15:43.137",
"references": [
{
"source": "security@checkmk.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://checkmk.com/werk/16227"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://checkmk.com/werk/16227"
}
],
"sourceIdentifier": "security@checkmk.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-303"
}
],
"source": "security@checkmk.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-670"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-05-17 09:15
Modified
2024-11-21 08:01
Severity ?
8.3 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Improper neutralization of livestatus command delimiters in the RestAPI in Checkmk < 2.0.0p36, < 2.1.0p28, and < 2.2.0b8 (beta) allows arbitrary livestatus command execution for authorized users.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@checkmk.com | https://checkmk.com/werk/15191 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://checkmk.com/werk/15191 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F8EDFDCA-0778-4540-B1D5-D3A986258028",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "54031390-D7E7-4A14-AA2F-923768B3685F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b2:*:*:*:*:*:*",
"matchCriteriaId": "F1B7E35F-5A07-424E-AA09-AC54104D612B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b3:*:*:*:*:*:*",
"matchCriteriaId": "8D4AC302-C8F5-4A2B-A73A-982D0AA2495A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b4:*:*:*:*:*:*",
"matchCriteriaId": "7A058C71-C39E-4109-B570-4A061013D033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b5:*:*:*:*:*:*",
"matchCriteriaId": "22BCFA79-B3D6-4FFF-A3D3-8C4C97AF17C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b6:*:*:*:*:*:*",
"matchCriteriaId": "2A1703D9-8EEB-432D-90E2-F847CDC4C204",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b7:*:*:*:*:*:*",
"matchCriteriaId": "1A4C72BA-6D78-4911-83E4-4DABB2CAC47F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b8:*:*:*:*:*:*",
"matchCriteriaId": "081FD127-1066-4019-B521-9FADB85DBD4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:i1:*:*:*:*:*:*",
"matchCriteriaId": "C1A4F005-4823-4B2B-B4EF-4EFDB04CFB9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "357240B1-F0DA-4FA8-B782-D998951F4B54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p10:*:*:*:*:*:*",
"matchCriteriaId": "2F828F54-04E2-4B98-91A7-B09ED833E88B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p11:*:*:*:*:*:*",
"matchCriteriaId": "A4B8B300-8264-40AB-A839-7EACB988163B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p12:*:*:*:*:*:*",
"matchCriteriaId": "EB76A8DF-C870-482F-A488-DB2917ABD971",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p13:*:*:*:*:*:*",
"matchCriteriaId": "04947B1B-CF67-4C11-8FE3-6C17FD35E2EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p14:*:*:*:*:*:*",
"matchCriteriaId": "591AEC3C-2F48-4E91-9881-42EEDD039C5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p15:*:*:*:*:*:*",
"matchCriteriaId": "C5CA04C8-2C80-4C7E-B329-3FFCBEDEE663",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p16:*:*:*:*:*:*",
"matchCriteriaId": "47A1C5AC-C8B7-495A-A5F4-CD4790358A2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p17:*:*:*:*:*:*",
"matchCriteriaId": "B87D8B46-5B04-460D-BBA1-BB19234DA19D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p18:*:*:*:*:*:*",
"matchCriteriaId": "C59EA30A-0B7D-4E58-A503-8C2F16B45004",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p19:*:*:*:*:*:*",
"matchCriteriaId": "F2849E4C-09D1-48A5-B28E-F7A4CD3E8967",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p2:*:*:*:*:*:*",
"matchCriteriaId": "F1E5549E-3272-478D-85D0-6F53EE731183",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p20:*:*:*:*:*:*",
"matchCriteriaId": "CD0EA35B-EBFF-4E6F-BD2E-4BE165E81A3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p21:*:*:*:*:*:*",
"matchCriteriaId": "3F2C76F2-D457-4C7C-BE76-515CA45CA161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p22:*:*:*:*:*:*",
"matchCriteriaId": "0E5A374E-56C5-4EBA-967C-CDFE6A967DFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p23:*:*:*:*:*:*",
"matchCriteriaId": "7D4568F0-8CCD-4517-B4E9-7E2CA228D659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p24:*:*:*:*:*:*",
"matchCriteriaId": "96893FF5-B85E-45AF-9020-5D767E954D6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p25:*:*:*:*:*:*",
"matchCriteriaId": "425ABB56-3A2E-40E3-9701-E638F16E6ADD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p26:*:*:*:*:*:*",
"matchCriteriaId": "9EEF6054-B3B5-4AAC-B24B-147A38564992",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p27:*:*:*:*:*:*",
"matchCriteriaId": "462C2826-237E-4061-8F14-3DE09CE9952C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p28:*:*:*:*:*:*",
"matchCriteriaId": "8DE8F008-1FC0-416C-B0D4-5A560CF985F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p29:*:*:*:*:*:*",
"matchCriteriaId": "53AA0AB2-E814-4378-9486-D9192293C1DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p3:*:*:*:*:*:*",
"matchCriteriaId": "D884D3AF-7D57-4DF6-82E8-556C35319ED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p30:*:*:*:*:*:*",
"matchCriteriaId": "2F6A123B-D6D3-4C46-9595-4D8138FC31C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p31:*:*:*:*:*:*",
"matchCriteriaId": "4245029F-D95D-4364-BB29-8C60F5461070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p32:*:*:*:*:*:*",
"matchCriteriaId": "C67473D2-A96B-4ACD-B248-A0AF2E3C9738",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p33:*:*:*:*:*:*",
"matchCriteriaId": "B22FDFE4-844F-449B-88D7-E7EDC92EC752",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p34:*:*:*:*:*:*",
"matchCriteriaId": "01D13D8E-61F2-406C-8EE5-FDDD9BDCCF71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p35:*:*:*:*:*:*",
"matchCriteriaId": "CA0DCBEB-CAED-4A39-B700-64311E7742DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p4:*:*:*:*:*:*",
"matchCriteriaId": "528BAFA3-ED39-45B5-8C81-A6FD76DDB49B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p5:*:*:*:*:*:*",
"matchCriteriaId": "02DA7C50-7360-4679-93A5-92C8DC5E8E46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p6:*:*:*:*:*:*",
"matchCriteriaId": "71B49D90-9522-46C6-8948-B9C21CEA473C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p7:*:*:*:*:*:*",
"matchCriteriaId": "98C29296-D1F3-45A2-BF0A-22333150F416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p8:*:*:*:*:*:*",
"matchCriteriaId": "339226E6-532F-4FE2-A543-6B166A9BA7F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p9:*:*:*:*:*:*",
"matchCriteriaId": "986FDFA6-BE12-4268-9B90-F7D469BBE517",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "1AE224D8-742B-4D1F-ABBE-3DDA3EA5C5AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "1E6FCE7B-7ECE-42A4-82C5-12A647B0CCC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b2:*:*:*:*:*:*",
"matchCriteriaId": "923AA113-D5E7-4F78-88BA-B72EF250F3EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b3:*:*:*:*:*:*",
"matchCriteriaId": "B1984F57-A313-48AC-B8F9-F352D82824D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b4:*:*:*:*:*:*",
"matchCriteriaId": "A38DB527-72A6-40B8-B46F-B8E78BFFDB1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b5:*:*:*:*:*:*",
"matchCriteriaId": "67643E11-91A1-4580-BC4C-574074C862CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b6:*:*:*:*:*:*",
"matchCriteriaId": "350B7E0F-D234-4D7C-91E4-F35E73579A24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b7:*:*:*:*:*:*",
"matchCriteriaId": "DE58ACA9-8078-46A7-8487-C06E4E38F372",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b8:*:*:*:*:*:*",
"matchCriteriaId": "B3D8CF4D-E1F8-4D8D-A8A9-1783CAC869E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b9:*:*:*:*:*:*",
"matchCriteriaId": "58B0B051-7D3C-4EC7-96B0-38A1CC108D61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "B783A741-AAF2-43EE-8272-9239133A01E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p10:*:*:*:*:*:*",
"matchCriteriaId": "A5F275A3-A99E-40E1-BD77-694FA568541F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p11:*:*:*:*:*:*",
"matchCriteriaId": "3A44BF1A-5BE0-4412-B51D-055445758B61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p12:*:*:*:*:*:*",
"matchCriteriaId": "A31BAE94-9096-4320-AC19-AA204E8EC08D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p13:*:*:*:*:*:*",
"matchCriteriaId": "1B0784EA-98E8-4490-B97B-894F188A223D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p14:*:*:*:*:*:*",
"matchCriteriaId": "A56A901F-1040-4DB9-9BE3-FE1999C514CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p15:*:*:*:*:*:*",
"matchCriteriaId": "58A904FC-C015-469D-8502-E678D5FDBD06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p16:*:*:*:*:*:*",
"matchCriteriaId": "1B5D109C-60AA-4FA4-9B10-2191AAF109F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p17:*:*:*:*:*:*",
"matchCriteriaId": "37297866-24BB-4044-8744-EC0A8C29F152",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p18:*:*:*:*:*:*",
"matchCriteriaId": "F9D4A171-CCB3-43B8-8B70-78610423E7C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p2:*:*:*:*:*:*",
"matchCriteriaId": "4DA8F776-A724-48FC-B7EF-13788BC69753",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p20:*:*:*:*:*:*",
"matchCriteriaId": "46F42A22-99F2-4DF5-9B00-3123396F87AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p21:*:*:*:*:*:*",
"matchCriteriaId": "1C59D4D3-D526-4E6B-B3AA-FE485D030190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p22:*:*:*:*:*:*",
"matchCriteriaId": "65E5CAE6-DC8B-47B3-84A0-D79B0C33EB45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p23:*:*:*:*:*:*",
"matchCriteriaId": "8B9E0D89-79E2-476A-8A3E-8443316BC310",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p24:*:*:*:*:*:*",
"matchCriteriaId": "38EA0591-C30B-4102-8A06-1B922FD3A0C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p25:*:*:*:*:*:*",
"matchCriteriaId": "5E9AF0D3-8DD6-4EC7-BB33-54401D4025FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p26:*:*:*:*:*:*",
"matchCriteriaId": "983604CC-DD2C-42A9-8B9D-A9A261CE8BA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p27:*:*:*:*:*:*",
"matchCriteriaId": "224960F7-695C-415B-B991-E8C01859AA80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p3:*:*:*:*:*:*",
"matchCriteriaId": "076463AA-195F-4CD6-861B-72FE1C8A407F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p4:*:*:*:*:*:*",
"matchCriteriaId": "63043834-98E5-47C2-91F1-41B98270ABCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p5:*:*:*:*:*:*",
"matchCriteriaId": "FCF745D0-2EA6-4414-90BC-99D3ED08BB01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p6:*:*:*:*:*:*",
"matchCriteriaId": "4823087F-D7FA-4594-8FD3-412DE5EA1F02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p7:*:*:*:*:*:*",
"matchCriteriaId": "6429F9CE-D477-4CFF-B6E0-4BF11B61ED0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p8:*:*:*:*:*:*",
"matchCriteriaId": "A50C58F9-94ED-4D85-8331-2D81F8E0760A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p9:*:*:*:*:*:*",
"matchCriteriaId": "9A6AC0BD-FB65-4FAA-B344-66F87F16F8B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "B068974F-6F67-4CBB-B567-FCED86E28F22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b2:*:*:*:*:*:*",
"matchCriteriaId": "EA70F36A-EEF6-48DC-B15E-055D0DE8A052",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b3:*:*:*:*:*:*",
"matchCriteriaId": "B2017F38-38DB-4E96-B34F-160BC731CBBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b4:*:*:*:*:*:*",
"matchCriteriaId": "0949F399-371B-409C-AF9F-32690D881440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b5:*:*:*:*:*:*",
"matchCriteriaId": "42E1E31A-B5CC-45F2-A2E5-3EEF735499BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b6:*:*:*:*:*:*",
"matchCriteriaId": "4B364FCA-500C-458E-B997-82CD0B1D24F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b7:*:*:*:*:*:*",
"matchCriteriaId": "0B32E657-917B-482B-B6A4-3D3746992A4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:i1:*:*:*:*:*:*",
"matchCriteriaId": "4F0B99A8-A124-43BD-B8AA-EECC9112346F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA066B19-D5EC-4BAA-A842-1E792607D51B",
"versionEndExcluding": "2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper neutralization of livestatus command delimiters in the RestAPI in Checkmk \u003c 2.0.0p36, \u003c 2.1.0p28, and \u003c 2.2.0b8 (beta) allows arbitrary livestatus command execution for authorized users."
}
],
"id": "CVE-2023-31208",
"lastModified": "2024-11-21T08:01:37.537",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.5,
"source": "security@checkmk.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-17T09:15:10.473",
"references": [
{
"source": "security@checkmk.com",
"tags": [
"Vendor Advisory"
],
"url": "https://checkmk.com/werk/15191"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://checkmk.com/werk/15191"
}
],
"sourceIdentifier": "security@checkmk.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-140"
}
],
"source": "security@checkmk.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-01-12 08:15
Modified
2024-11-21 08:44
Severity ?
8.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Privilege escalation in mk_tsm agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@checkmk.com | https://checkmk.com/werk/16273 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://checkmk.com/werk/16273 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "54031390-D7E7-4A14-AA2F-923768B3685F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b2:*:*:*:*:*:*",
"matchCriteriaId": "F1B7E35F-5A07-424E-AA09-AC54104D612B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b3:*:*:*:*:*:*",
"matchCriteriaId": "8D4AC302-C8F5-4A2B-A73A-982D0AA2495A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b4:*:*:*:*:*:*",
"matchCriteriaId": "7A058C71-C39E-4109-B570-4A061013D033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b5:*:*:*:*:*:*",
"matchCriteriaId": "22BCFA79-B3D6-4FFF-A3D3-8C4C97AF17C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b6:*:*:*:*:*:*",
"matchCriteriaId": "2A1703D9-8EEB-432D-90E2-F847CDC4C204",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b7:*:*:*:*:*:*",
"matchCriteriaId": "1A4C72BA-6D78-4911-83E4-4DABB2CAC47F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b8:*:*:*:*:*:*",
"matchCriteriaId": "081FD127-1066-4019-B521-9FADB85DBD4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:i1:*:*:*:*:*:*",
"matchCriteriaId": "C1A4F005-4823-4B2B-B4EF-4EFDB04CFB9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "357240B1-F0DA-4FA8-B782-D998951F4B54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p10:*:*:*:*:*:*",
"matchCriteriaId": "2F828F54-04E2-4B98-91A7-B09ED833E88B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p11:*:*:*:*:*:*",
"matchCriteriaId": "A4B8B300-8264-40AB-A839-7EACB988163B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p12:*:*:*:*:*:*",
"matchCriteriaId": "EB76A8DF-C870-482F-A488-DB2917ABD971",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p13:*:*:*:*:*:*",
"matchCriteriaId": "04947B1B-CF67-4C11-8FE3-6C17FD35E2EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p14:*:*:*:*:*:*",
"matchCriteriaId": "591AEC3C-2F48-4E91-9881-42EEDD039C5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p15:*:*:*:*:*:*",
"matchCriteriaId": "C5CA04C8-2C80-4C7E-B329-3FFCBEDEE663",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p16:*:*:*:*:*:*",
"matchCriteriaId": "47A1C5AC-C8B7-495A-A5F4-CD4790358A2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p17:*:*:*:*:*:*",
"matchCriteriaId": "B87D8B46-5B04-460D-BBA1-BB19234DA19D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p18:*:*:*:*:*:*",
"matchCriteriaId": "C59EA30A-0B7D-4E58-A503-8C2F16B45004",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p19:*:*:*:*:*:*",
"matchCriteriaId": "F2849E4C-09D1-48A5-B28E-F7A4CD3E8967",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p2:*:*:*:*:*:*",
"matchCriteriaId": "F1E5549E-3272-478D-85D0-6F53EE731183",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p20:*:*:*:*:*:*",
"matchCriteriaId": "CD0EA35B-EBFF-4E6F-BD2E-4BE165E81A3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p21:*:*:*:*:*:*",
"matchCriteriaId": "3F2C76F2-D457-4C7C-BE76-515CA45CA161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p22:*:*:*:*:*:*",
"matchCriteriaId": "0E5A374E-56C5-4EBA-967C-CDFE6A967DFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p23:*:*:*:*:*:*",
"matchCriteriaId": "7D4568F0-8CCD-4517-B4E9-7E2CA228D659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p24:*:*:*:*:*:*",
"matchCriteriaId": "96893FF5-B85E-45AF-9020-5D767E954D6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p25:*:*:*:*:*:*",
"matchCriteriaId": "425ABB56-3A2E-40E3-9701-E638F16E6ADD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p26:*:*:*:*:*:*",
"matchCriteriaId": "9EEF6054-B3B5-4AAC-B24B-147A38564992",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p27:*:*:*:*:*:*",
"matchCriteriaId": "462C2826-237E-4061-8F14-3DE09CE9952C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p28:*:*:*:*:*:*",
"matchCriteriaId": "8DE8F008-1FC0-416C-B0D4-5A560CF985F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p29:*:*:*:*:*:*",
"matchCriteriaId": "53AA0AB2-E814-4378-9486-D9192293C1DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p3:*:*:*:*:*:*",
"matchCriteriaId": "D884D3AF-7D57-4DF6-82E8-556C35319ED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p30:*:*:*:*:*:*",
"matchCriteriaId": "2F6A123B-D6D3-4C46-9595-4D8138FC31C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p31:*:*:*:*:*:*",
"matchCriteriaId": "4245029F-D95D-4364-BB29-8C60F5461070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p32:*:*:*:*:*:*",
"matchCriteriaId": "C67473D2-A96B-4ACD-B248-A0AF2E3C9738",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p33:*:*:*:*:*:*",
"matchCriteriaId": "B22FDFE4-844F-449B-88D7-E7EDC92EC752",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p34:*:*:*:*:*:*",
"matchCriteriaId": "01D13D8E-61F2-406C-8EE5-FDDD9BDCCF71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p35:*:*:*:*:*:*",
"matchCriteriaId": "CA0DCBEB-CAED-4A39-B700-64311E7742DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p36:*:*:*:*:*:*",
"matchCriteriaId": "0D8C138E-C8C2-46F7-A1D6-D33562FB86BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p37:*:*:*:*:*:*",
"matchCriteriaId": "D4BE7A6A-C3BB-405A-8757-E60E2F611ACD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p38:*:*:*:*:*:*",
"matchCriteriaId": "1D7BC614-16F2-4F7D-9824-C5DDE540072B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p4:*:*:*:*:*:*",
"matchCriteriaId": "528BAFA3-ED39-45B5-8C81-A6FD76DDB49B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p5:*:*:*:*:*:*",
"matchCriteriaId": "02DA7C50-7360-4679-93A5-92C8DC5E8E46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p6:*:*:*:*:*:*",
"matchCriteriaId": "71B49D90-9522-46C6-8948-B9C21CEA473C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p7:*:*:*:*:*:*",
"matchCriteriaId": "98C29296-D1F3-45A2-BF0A-22333150F416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p8:*:*:*:*:*:*",
"matchCriteriaId": "339226E6-532F-4FE2-A543-6B166A9BA7F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p9:*:*:*:*:*:*",
"matchCriteriaId": "986FDFA6-BE12-4268-9B90-F7D469BBE517",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "1AE224D8-742B-4D1F-ABBE-3DDA3EA5C5AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "1E6FCE7B-7ECE-42A4-82C5-12A647B0CCC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b2:*:*:*:*:*:*",
"matchCriteriaId": "923AA113-D5E7-4F78-88BA-B72EF250F3EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b3:*:*:*:*:*:*",
"matchCriteriaId": "B1984F57-A313-48AC-B8F9-F352D82824D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b4:*:*:*:*:*:*",
"matchCriteriaId": "A38DB527-72A6-40B8-B46F-B8E78BFFDB1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b5:*:*:*:*:*:*",
"matchCriteriaId": "67643E11-91A1-4580-BC4C-574074C862CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b6:*:*:*:*:*:*",
"matchCriteriaId": "350B7E0F-D234-4D7C-91E4-F35E73579A24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b7:*:*:*:*:*:*",
"matchCriteriaId": "DE58ACA9-8078-46A7-8487-C06E4E38F372",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b8:*:*:*:*:*:*",
"matchCriteriaId": "B3D8CF4D-E1F8-4D8D-A8A9-1783CAC869E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b9:*:*:*:*:*:*",
"matchCriteriaId": "58B0B051-7D3C-4EC7-96B0-38A1CC108D61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "B783A741-AAF2-43EE-8272-9239133A01E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p10:*:*:*:*:*:*",
"matchCriteriaId": "A5F275A3-A99E-40E1-BD77-694FA568541F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p11:*:*:*:*:*:*",
"matchCriteriaId": "3A44BF1A-5BE0-4412-B51D-055445758B61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p12:*:*:*:*:*:*",
"matchCriteriaId": "A31BAE94-9096-4320-AC19-AA204E8EC08D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p13:*:*:*:*:*:*",
"matchCriteriaId": "1B0784EA-98E8-4490-B97B-894F188A223D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p14:*:*:*:*:*:*",
"matchCriteriaId": "A56A901F-1040-4DB9-9BE3-FE1999C514CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p15:*:*:*:*:*:*",
"matchCriteriaId": "58A904FC-C015-469D-8502-E678D5FDBD06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p16:*:*:*:*:*:*",
"matchCriteriaId": "1B5D109C-60AA-4FA4-9B10-2191AAF109F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p17:*:*:*:*:*:*",
"matchCriteriaId": "37297866-24BB-4044-8744-EC0A8C29F152",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p18:*:*:*:*:*:*",
"matchCriteriaId": "F9D4A171-CCB3-43B8-8B70-78610423E7C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p19:*:*:*:*:*:*",
"matchCriteriaId": "5E1145FF-426D-407C-9F4B-EF773BD191EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p2:*:*:*:*:*:*",
"matchCriteriaId": "4DA8F776-A724-48FC-B7EF-13788BC69753",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p20:*:*:*:*:*:*",
"matchCriteriaId": "46F42A22-99F2-4DF5-9B00-3123396F87AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p21:*:*:*:*:*:*",
"matchCriteriaId": "1C59D4D3-D526-4E6B-B3AA-FE485D030190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p22:*:*:*:*:*:*",
"matchCriteriaId": "65E5CAE6-DC8B-47B3-84A0-D79B0C33EB45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p23:*:*:*:*:*:*",
"matchCriteriaId": "8B9E0D89-79E2-476A-8A3E-8443316BC310",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p24:*:*:*:*:*:*",
"matchCriteriaId": "38EA0591-C30B-4102-8A06-1B922FD3A0C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p25:*:*:*:*:*:*",
"matchCriteriaId": "5E9AF0D3-8DD6-4EC7-BB33-54401D4025FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p26:*:*:*:*:*:*",
"matchCriteriaId": "983604CC-DD2C-42A9-8B9D-A9A261CE8BA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p27:*:*:*:*:*:*",
"matchCriteriaId": "224960F7-695C-415B-B991-E8C01859AA80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p28:*:*:*:*:*:*",
"matchCriteriaId": "1F6D86E4-738B-4ADA-858E-C12CCED9FAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p29:*:*:*:*:*:*",
"matchCriteriaId": "BD8EBF09-9B70-4972-85B1-82F41488BE3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p3:*:*:*:*:*:*",
"matchCriteriaId": "076463AA-195F-4CD6-861B-72FE1C8A407F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p30:*:*:*:*:*:*",
"matchCriteriaId": "009D2C7B-39B8-400F-80A5-06D56319232C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p31:*:*:*:*:*:*",
"matchCriteriaId": "3D5AEB8D-772E-401F-975C-61BDD30B481E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p32:*:*:*:*:*:*",
"matchCriteriaId": "2ECAB6C5-518C-4CA4-8B2B-D51115612A8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p33:*:*:*:*:*:*",
"matchCriteriaId": "FECC252C-02AA-41EC-BB84-5C1A6BC0FB8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p34:*:*:*:*:*:*",
"matchCriteriaId": "238324F5-7225-40DD-82E8-52F30F0D3776",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p35:*:*:*:*:*:*",
"matchCriteriaId": "4F3C9510-BD43-4F67-9C30-4F82B5D230E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p36:*:*:*:*:*:*",
"matchCriteriaId": "51941654-F6FF-4323-AECA-5D1D84308CD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p37:*:*:*:*:*:*",
"matchCriteriaId": "6E800133-1D28-41D1-8D73-9437D741F83B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p4:*:*:*:*:*:*",
"matchCriteriaId": "63043834-98E5-47C2-91F1-41B98270ABCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p5:*:*:*:*:*:*",
"matchCriteriaId": "FCF745D0-2EA6-4414-90BC-99D3ED08BB01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p6:*:*:*:*:*:*",
"matchCriteriaId": "4823087F-D7FA-4594-8FD3-412DE5EA1F02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p7:*:*:*:*:*:*",
"matchCriteriaId": "6429F9CE-D477-4CFF-B6E0-4BF11B61ED0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p8:*:*:*:*:*:*",
"matchCriteriaId": "A50C58F9-94ED-4D85-8331-2D81F8E0760A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p9:*:*:*:*:*:*",
"matchCriteriaId": "9A6AC0BD-FB65-4FAA-B344-66F87F16F8B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:-:*:*:*:*:*:*",
"matchCriteriaId": "C66704F1-0B5E-4B43-8748-987022F378F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "B068974F-6F67-4CBB-B567-FCED86E28F22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b2:*:*:*:*:*:*",
"matchCriteriaId": "EA70F36A-EEF6-48DC-B15E-055D0DE8A052",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b3:*:*:*:*:*:*",
"matchCriteriaId": "B2017F38-38DB-4E96-B34F-160BC731CBBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b4:*:*:*:*:*:*",
"matchCriteriaId": "0949F399-371B-409C-AF9F-32690D881440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b5:*:*:*:*:*:*",
"matchCriteriaId": "42E1E31A-B5CC-45F2-A2E5-3EEF735499BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b6:*:*:*:*:*:*",
"matchCriteriaId": "4B364FCA-500C-458E-B997-82CD0B1D24F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b7:*:*:*:*:*:*",
"matchCriteriaId": "0B32E657-917B-482B-B6A4-3D3746992A4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b8:*:*:*:*:*:*",
"matchCriteriaId": "2119C732-E024-4DA6-8E47-9E08E5E12602",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:i1:*:*:*:*:*:*",
"matchCriteriaId": "4F0B99A8-A124-43BD-B8AA-EECC9112346F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "3FB7221E-BE9F-4529-8E07-8AD547FA3208",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p10:*:*:*:*:*:*",
"matchCriteriaId": "30A074AD-9499-46E3-AB67-D6CEE3AA01C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p11:*:*:*:*:*:*",
"matchCriteriaId": "A8BD0240-A22B-4273-BD47-C35A8C12E127",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p12:*:*:*:*:*:*",
"matchCriteriaId": "DAA5680F-1DD0-48AA-BB7F-15B27365F0FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p13:*:*:*:*:*:*",
"matchCriteriaId": "BC2F31CA-D4EB-44E6-9A09-5255D33F4A88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p14:*:*:*:*:*:*",
"matchCriteriaId": "CD80BD69-20C6-4E17-B165-98689179A5A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p15:*:*:*:*:*:*",
"matchCriteriaId": "B044D43B-0233-4A0D-A356-B9F9324E2777",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p16:*:*:*:*:*:*",
"matchCriteriaId": "7DE79896-EBE5-42F2-A126-2A871BBA1071",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p17:*:*:*:*:*:*",
"matchCriteriaId": "51A44E69-EEA1-4B01-B7B3-5BF7B39819E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p2:*:*:*:*:*:*",
"matchCriteriaId": "7BCEB6FF-668F-4313-9264-0BF021AFC45F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p3:*:*:*:*:*:*",
"matchCriteriaId": "E2342E2D-58B0-43E7-8C01-DF4678520F39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p4:*:*:*:*:*:*",
"matchCriteriaId": "1871B646-CA69-477F-B113-B901AC7B3934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p5:*:*:*:*:*:*",
"matchCriteriaId": "EEC65A72-CAE1-4E28-83EF-7ECAFE921BB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8AF09C00-1AEF-4502-8C7B-3B68F2C35D34",
"versionEndIncluding": "2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Privilege escalation in mk_tsm agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges"
},
{
"lang": "es",
"value": "La escalada de privilegios en el complemento del agente mk_tsm en Checkmk anterior a 2.2.0p17, 2.1.0p37 y 2.0.0p39 permite al usuario local escalar privilegios"
}
],
"id": "CVE-2023-6735",
"lastModified": "2024-11-21T08:44:26.960",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0,
"source": "security@checkmk.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-01-12T08:15:43.650",
"references": [
{
"source": "security@checkmk.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://checkmk.com/werk/16273"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://checkmk.com/werk/16273"
}
],
"sourceIdentifier": "security@checkmk.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-95"
}
],
"source": "security@checkmk.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-04-04 07:15
Modified
2024-11-21 07:39
Severity ?
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
Inappropriate error handling in Tribe29 Checkmk <= 2.1.0p25, <= 2.0.0p34, <= 2.2.0b3 (beta), and all versions of Checkmk 1.6.0 causes the symmetric encryption of agent data to fail silently and transmit the data in plaintext in certain configurations.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@checkmk.com | https://checkmk.com/werk/15423 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://checkmk.com/werk/15423 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5D63367A-3B90-462E-B6AD-1CB5721FD45E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "E5E2E954-B3C3-4CC0-B2C8-0E2BEEC93016",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:b10:*:*:*:*:*:*",
"matchCriteriaId": "1638594A-84F1-44F6-BB30-D4CC73ECDA38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:b11:*:*:*:*:*:*",
"matchCriteriaId": "8BB84DA0-9033-4771-B293-80D283539F00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:b12:*:*:*:*:*:*",
"matchCriteriaId": "7B2757BF-E3B7-487A-8929-0208D3B0D3CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:b2:*:*:*:*:*:*",
"matchCriteriaId": "B5193296-508C-400E-868B-A0D86D178042",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:b3:*:*:*:*:*:*",
"matchCriteriaId": "F01E79D2-EFA4-4A7E-A286-3E86F52B429D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:b4:*:*:*:*:*:*",
"matchCriteriaId": "D12A6070-0542-4293-AE13-85D4E81E1672",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:b5:*:*:*:*:*:*",
"matchCriteriaId": "6AF633FE-DE7C-4548-9ED2-880E915FC33C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:b6:*:*:*:*:*:*",
"matchCriteriaId": "62F02BC2-7010-4038-B381-0B8A83930E83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:b7:*:*:*:*:*:*",
"matchCriteriaId": "0E3BC8A3-56DE-4EE6-9AD2-26C6005DE2BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:b8:*:*:*:*:*:*",
"matchCriteriaId": "CB7C73EF-F306-4114-AD71-04BB7A5FD974",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:b9:*:*:*:*:*:*",
"matchCriteriaId": "F15190EF-E3F5-4AD1-B748-C0E63C8CB741",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "30F84B89-7EC6-44E6-A164-4C170379D55C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p10:*:*:*:*:*:*",
"matchCriteriaId": "DDA94D2F-F27C-4DF6-84AE-8ED1BBC7F61E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p11:*:*:*:*:*:*",
"matchCriteriaId": "71CF8EFD-17F6-4D9A-961A-4B949A6C8B61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p12:*:*:*:*:*:*",
"matchCriteriaId": "B04DC2A8-CF05-4FB2-AE2F-AE07943B998D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p13:*:*:*:*:*:*",
"matchCriteriaId": "1F3BECA6-983C-436E-A635-4E1FB9080E56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p14:*:*:*:*:*:*",
"matchCriteriaId": "51A9A2B4-3693-490A-94E2-64E1DB795646",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p15:*:*:*:*:*:*",
"matchCriteriaId": "C14AB385-8A9F-46FA-A1C5-4A4A45C1B7F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p16:*:*:*:*:*:*",
"matchCriteriaId": "EC41CC5F-F088-4E65-B076-35665F0F6C7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p17:*:*:*:*:*:*",
"matchCriteriaId": "D599652E-9F70-4F9E-B8E9-99AB09EE851B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p18:*:*:*:*:*:*",
"matchCriteriaId": "6DABDE38-A3AF-4DD2-928A-8B3A0AA054A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p19:*:*:*:*:*:*",
"matchCriteriaId": "EC636B76-B050-4B73-A524-21862B020797",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p2:*:*:*:*:*:*",
"matchCriteriaId": "D49B1D63-8FDD-45FD-99F0-AA9E4FBCCB00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p20:*:*:*:*:*:*",
"matchCriteriaId": "8AFA4AF4-8395-4BBB-BA78-7116AC1DCDE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p21:*:*:*:*:*:*",
"matchCriteriaId": "5565C1C5-5C23-4449-AB87-49A304382387",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p22:*:*:*:*:*:*",
"matchCriteriaId": "78320525-F346-4419-81E3-4A47BD17C808",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p23:*:*:*:*:*:*",
"matchCriteriaId": "EA91018D-DA38-4026-9F47-383F16C85031",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p24:*:*:*:*:*:*",
"matchCriteriaId": "E8DBEF67-A9AE-46D5-89D0-076CDB1AA06A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p25:*:*:*:*:*:*",
"matchCriteriaId": "63E87316-1CB2-4CF4-B379-4284C8C39053",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p26:*:*:*:*:*:*",
"matchCriteriaId": "75925C19-FBF4-4908-B8AD-E19E13B665DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p27:*:*:*:*:*:*",
"matchCriteriaId": "66FC7193-674F-42AA-8064-93786B5474C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p28:*:*:*:*:*:*",
"matchCriteriaId": "94BBC4B2-8AE6-4CCC-B194-5A4F9335AA84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p29:*:*:*:*:*:*",
"matchCriteriaId": "438E3BD0-93B3-4687-9E85-A08A5545FEB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p3:*:*:*:*:*:*",
"matchCriteriaId": "9CCE5845-1B77-4E97-B508-41400F4E1F31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p4:*:*:*:*:*:*",
"matchCriteriaId": "3FCED94F-7683-40FE-B511-F1F49CDD1F73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p5:*:*:*:*:*:*",
"matchCriteriaId": "0C4E70EC-3D46-40CE-AD59-597EFD721014",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p6:*:*:*:*:*:*",
"matchCriteriaId": "12E695A8-9A1E-4D7A-AB3B-AAC2CF777773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p7:*:*:*:*:*:*",
"matchCriteriaId": "653632A8-E700-404A-ADB2-B3A50253ECB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p8:*:*:*:*:*:*",
"matchCriteriaId": "60733789-DDA3-4819-A9F1-70B76AC715CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p9:*:*:*:*:*:*",
"matchCriteriaId": "D90DBA66-EF97-4CE9-AD4C-3A82F70D2250",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F8EDFDCA-0778-4540-B1D5-D3A986258028",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "54031390-D7E7-4A14-AA2F-923768B3685F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b2:*:*:*:*:*:*",
"matchCriteriaId": "F1B7E35F-5A07-424E-AA09-AC54104D612B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b3:*:*:*:*:*:*",
"matchCriteriaId": "8D4AC302-C8F5-4A2B-A73A-982D0AA2495A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b4:*:*:*:*:*:*",
"matchCriteriaId": "7A058C71-C39E-4109-B570-4A061013D033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b5:*:*:*:*:*:*",
"matchCriteriaId": "22BCFA79-B3D6-4FFF-A3D3-8C4C97AF17C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b6:*:*:*:*:*:*",
"matchCriteriaId": "2A1703D9-8EEB-432D-90E2-F847CDC4C204",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b7:*:*:*:*:*:*",
"matchCriteriaId": "1A4C72BA-6D78-4911-83E4-4DABB2CAC47F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b8:*:*:*:*:*:*",
"matchCriteriaId": "081FD127-1066-4019-B521-9FADB85DBD4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:i1:*:*:*:*:*:*",
"matchCriteriaId": "C1A4F005-4823-4B2B-B4EF-4EFDB04CFB9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "357240B1-F0DA-4FA8-B782-D998951F4B54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p10:*:*:*:*:*:*",
"matchCriteriaId": "2F828F54-04E2-4B98-91A7-B09ED833E88B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p11:*:*:*:*:*:*",
"matchCriteriaId": "A4B8B300-8264-40AB-A839-7EACB988163B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p12:*:*:*:*:*:*",
"matchCriteriaId": "EB76A8DF-C870-482F-A488-DB2917ABD971",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p13:*:*:*:*:*:*",
"matchCriteriaId": "04947B1B-CF67-4C11-8FE3-6C17FD35E2EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p14:*:*:*:*:*:*",
"matchCriteriaId": "591AEC3C-2F48-4E91-9881-42EEDD039C5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p15:*:*:*:*:*:*",
"matchCriteriaId": "C5CA04C8-2C80-4C7E-B329-3FFCBEDEE663",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p16:*:*:*:*:*:*",
"matchCriteriaId": "47A1C5AC-C8B7-495A-A5F4-CD4790358A2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p17:*:*:*:*:*:*",
"matchCriteriaId": "B87D8B46-5B04-460D-BBA1-BB19234DA19D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p18:*:*:*:*:*:*",
"matchCriteriaId": "C59EA30A-0B7D-4E58-A503-8C2F16B45004",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p19:*:*:*:*:*:*",
"matchCriteriaId": "F2849E4C-09D1-48A5-B28E-F7A4CD3E8967",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p2:*:*:*:*:*:*",
"matchCriteriaId": "F1E5549E-3272-478D-85D0-6F53EE731183",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p20:*:*:*:*:*:*",
"matchCriteriaId": "CD0EA35B-EBFF-4E6F-BD2E-4BE165E81A3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p21:*:*:*:*:*:*",
"matchCriteriaId": "3F2C76F2-D457-4C7C-BE76-515CA45CA161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p22:*:*:*:*:*:*",
"matchCriteriaId": "0E5A374E-56C5-4EBA-967C-CDFE6A967DFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p23:*:*:*:*:*:*",
"matchCriteriaId": "7D4568F0-8CCD-4517-B4E9-7E2CA228D659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p24:*:*:*:*:*:*",
"matchCriteriaId": "96893FF5-B85E-45AF-9020-5D767E954D6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p25:*:*:*:*:*:*",
"matchCriteriaId": "425ABB56-3A2E-40E3-9701-E638F16E6ADD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p26:*:*:*:*:*:*",
"matchCriteriaId": "9EEF6054-B3B5-4AAC-B24B-147A38564992",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p27:*:*:*:*:*:*",
"matchCriteriaId": "462C2826-237E-4061-8F14-3DE09CE9952C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p28:*:*:*:*:*:*",
"matchCriteriaId": "8DE8F008-1FC0-416C-B0D4-5A560CF985F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p29:*:*:*:*:*:*",
"matchCriteriaId": "53AA0AB2-E814-4378-9486-D9192293C1DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p3:*:*:*:*:*:*",
"matchCriteriaId": "D884D3AF-7D57-4DF6-82E8-556C35319ED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p30:*:*:*:*:*:*",
"matchCriteriaId": "2F6A123B-D6D3-4C46-9595-4D8138FC31C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p31:*:*:*:*:*:*",
"matchCriteriaId": "4245029F-D95D-4364-BB29-8C60F5461070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p32:*:*:*:*:*:*",
"matchCriteriaId": "C67473D2-A96B-4ACD-B248-A0AF2E3C9738",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p33:*:*:*:*:*:*",
"matchCriteriaId": "B22FDFE4-844F-449B-88D7-E7EDC92EC752",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p34:*:*:*:*:*:*",
"matchCriteriaId": "01D13D8E-61F2-406C-8EE5-FDDD9BDCCF71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p4:*:*:*:*:*:*",
"matchCriteriaId": "528BAFA3-ED39-45B5-8C81-A6FD76DDB49B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p5:*:*:*:*:*:*",
"matchCriteriaId": "02DA7C50-7360-4679-93A5-92C8DC5E8E46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p6:*:*:*:*:*:*",
"matchCriteriaId": "71B49D90-9522-46C6-8948-B9C21CEA473C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p7:*:*:*:*:*:*",
"matchCriteriaId": "98C29296-D1F3-45A2-BF0A-22333150F416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p8:*:*:*:*:*:*",
"matchCriteriaId": "339226E6-532F-4FE2-A543-6B166A9BA7F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p9:*:*:*:*:*:*",
"matchCriteriaId": "986FDFA6-BE12-4268-9B90-F7D469BBE517",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "1AE224D8-742B-4D1F-ABBE-3DDA3EA5C5AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "1E6FCE7B-7ECE-42A4-82C5-12A647B0CCC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b2:*:*:*:*:*:*",
"matchCriteriaId": "923AA113-D5E7-4F78-88BA-B72EF250F3EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b3:*:*:*:*:*:*",
"matchCriteriaId": "B1984F57-A313-48AC-B8F9-F352D82824D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b4:*:*:*:*:*:*",
"matchCriteriaId": "A38DB527-72A6-40B8-B46F-B8E78BFFDB1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b5:*:*:*:*:*:*",
"matchCriteriaId": "67643E11-91A1-4580-BC4C-574074C862CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b6:*:*:*:*:*:*",
"matchCriteriaId": "350B7E0F-D234-4D7C-91E4-F35E73579A24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b7:*:*:*:*:*:*",
"matchCriteriaId": "DE58ACA9-8078-46A7-8487-C06E4E38F372",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b8:*:*:*:*:*:*",
"matchCriteriaId": "B3D8CF4D-E1F8-4D8D-A8A9-1783CAC869E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b9:*:*:*:*:*:*",
"matchCriteriaId": "58B0B051-7D3C-4EC7-96B0-38A1CC108D61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "B783A741-AAF2-43EE-8272-9239133A01E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p10:*:*:*:*:*:*",
"matchCriteriaId": "A5F275A3-A99E-40E1-BD77-694FA568541F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p11:*:*:*:*:*:*",
"matchCriteriaId": "3A44BF1A-5BE0-4412-B51D-055445758B61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p12:*:*:*:*:*:*",
"matchCriteriaId": "A31BAE94-9096-4320-AC19-AA204E8EC08D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p13:*:*:*:*:*:*",
"matchCriteriaId": "1B0784EA-98E8-4490-B97B-894F188A223D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p14:*:*:*:*:*:*",
"matchCriteriaId": "A56A901F-1040-4DB9-9BE3-FE1999C514CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p15:*:*:*:*:*:*",
"matchCriteriaId": "58A904FC-C015-469D-8502-E678D5FDBD06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p16:*:*:*:*:*:*",
"matchCriteriaId": "1B5D109C-60AA-4FA4-9B10-2191AAF109F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p17:*:*:*:*:*:*",
"matchCriteriaId": "37297866-24BB-4044-8744-EC0A8C29F152",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p18:*:*:*:*:*:*",
"matchCriteriaId": "F9D4A171-CCB3-43B8-8B70-78610423E7C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p2:*:*:*:*:*:*",
"matchCriteriaId": "4DA8F776-A724-48FC-B7EF-13788BC69753",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p20:*:*:*:*:*:*",
"matchCriteriaId": "46F42A22-99F2-4DF5-9B00-3123396F87AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p21:*:*:*:*:*:*",
"matchCriteriaId": "1C59D4D3-D526-4E6B-B3AA-FE485D030190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p22:*:*:*:*:*:*",
"matchCriteriaId": "65E5CAE6-DC8B-47B3-84A0-D79B0C33EB45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p23:*:*:*:*:*:*",
"matchCriteriaId": "8B9E0D89-79E2-476A-8A3E-8443316BC310",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p24:*:*:*:*:*:*",
"matchCriteriaId": "38EA0591-C30B-4102-8A06-1B922FD3A0C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p25:*:*:*:*:*:*",
"matchCriteriaId": "5E9AF0D3-8DD6-4EC7-BB33-54401D4025FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p3:*:*:*:*:*:*",
"matchCriteriaId": "076463AA-195F-4CD6-861B-72FE1C8A407F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p4:*:*:*:*:*:*",
"matchCriteriaId": "63043834-98E5-47C2-91F1-41B98270ABCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p5:*:*:*:*:*:*",
"matchCriteriaId": "FCF745D0-2EA6-4414-90BC-99D3ED08BB01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p6:*:*:*:*:*:*",
"matchCriteriaId": "4823087F-D7FA-4594-8FD3-412DE5EA1F02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p7:*:*:*:*:*:*",
"matchCriteriaId": "6429F9CE-D477-4CFF-B6E0-4BF11B61ED0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p8:*:*:*:*:*:*",
"matchCriteriaId": "A50C58F9-94ED-4D85-8331-2D81F8E0760A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p9:*:*:*:*:*:*",
"matchCriteriaId": "9A6AC0BD-FB65-4FAA-B344-66F87F16F8B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:-:*:*:*:*:*:*",
"matchCriteriaId": "C66704F1-0B5E-4B43-8748-987022F378F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "B068974F-6F67-4CBB-B567-FCED86E28F22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b2:*:*:*:*:*:*",
"matchCriteriaId": "EA70F36A-EEF6-48DC-B15E-055D0DE8A052",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b3:*:*:*:*:*:*",
"matchCriteriaId": "B2017F38-38DB-4E96-B34F-160BC731CBBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0b10:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE29788-9815-47C5-88CC-039E82348482",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0b11:*:*:*:*:*:*:*",
"matchCriteriaId": "AF943CDA-131A-4951-9281-C0F7711C511B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0p10:*:*:*:*:*:*:*",
"matchCriteriaId": "2FA770FD-D758-4590-9A6E-5A87E137C53E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0p11:*:*:*:*:*:*:*",
"matchCriteriaId": "B75CFABF-93B3-46C4-A78E-5E160FB2D9A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0p12:*:*:*:*:*:*:*",
"matchCriteriaId": "EA90BF5B-3277-422C-A8AF-1562903970D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0p13:*:*:*:*:*:*:*",
"matchCriteriaId": "DE41BD2C-203A-4482-9FFB-E2116E222100",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0p14:*:*:*:*:*:*:*",
"matchCriteriaId": "ECB3F23B-1D5C-4299-8F07-0B371C9803E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0p15:*:*:*:*:*:*:*",
"matchCriteriaId": "C6EBDA72-FB06-40DE-9116-44F4BC3BB5E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0p16:*:*:*:*:*:*:*",
"matchCriteriaId": "9BF55580-2393-4DC6-88F5-9B0C6797FD21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0p17:*:*:*:*:*:*:*",
"matchCriteriaId": "6786541D-CB3B-432D-8D0F-05178237FE4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0p18:*:*:*:*:*:*:*",
"matchCriteriaId": "E668FDEE-6503-4FF5-BA24-DD84180CB38A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Inappropriate error handling in Tribe29 Checkmk \u003c= 2.1.0p25, \u003c= 2.0.0p34, \u003c= 2.2.0b3 (beta), and all versions of Checkmk 1.6.0 causes the symmetric encryption of agent data to fail silently and transmit the data in plaintext in certain configurations."
}
],
"id": "CVE-2023-1768",
"lastModified": "2024-11-21T07:39:52.147",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"source": "security@checkmk.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-04-04T07:15:11.697",
"references": [
{
"source": "security@checkmk.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://checkmk.com/werk/15423"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://checkmk.com/werk/15423"
}
],
"sourceIdentifier": "security@checkmk.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-446"
}
],
"source": "security@checkmk.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-03-25 23:15
Modified
2024-11-21 06:25
Severity ?
Summary
CheckMK Raw Edition software (versions 1.5.0 to 1.6.0) does not sanitise the input of a web service parameter that is in an unauthenticated zone. This Reflected XSS allows an attacker to open a backdoor on the device with HTML content and interpreted by the browser (such as JavaScript or other client-side scripts) or to steal the session cookies of a user who has previously authenticated via a man in the middle. Successful exploitation requires access to the web service resource without authentication.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://checkmk.com | Product | |
| cve@mitre.org | https://github.com/Edgarloyola/CVE-2021-40906 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://checkmk.com | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Edgarloyola/CVE-2021-40906 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| checkmk | checkmk | * | |
| checkmk | checkmk | 1.6.0 | |
| checkmk | checkmk | 1.6.0 | |
| checkmk | checkmk | 1.6.0 | |
| checkmk | checkmk | 1.6.0 | |
| checkmk | checkmk | 1.6.0 | |
| checkmk | checkmk | 1.6.0 | |
| checkmk | checkmk | 1.6.0 | |
| checkmk | checkmk | 1.6.0 | |
| checkmk | checkmk | 1.6.0 | |
| checkmk | checkmk | 1.6.0 | |
| checkmk | checkmk | 1.6.0 | |
| checkmk | checkmk | 1.6.0 | |
| checkmk | checkmk | 1.6.0 | |
| checkmk | checkmk | 1.6.0 | |
| checkmk | checkmk | 1.6.0 | |
| checkmk | checkmk | 1.6.0 | |
| checkmk | checkmk | 1.6.0 | |
| checkmk | checkmk | 1.6.0 | |
| checkmk | checkmk | 1.6.0 | |
| checkmk | checkmk | 1.6.0 | |
| checkmk | checkmk | 1.6.0 | |
| checkmk | checkmk | 1.6.0 | |
| checkmk | checkmk | 1.6.0 | |
| checkmk | checkmk | 1.6.0 | |
| checkmk | checkmk | 1.6.0 | |
| checkmk | checkmk | 1.6.0 | |
| checkmk | checkmk | 1.6.0 | |
| checkmk | checkmk | 1.6.0 | |
| checkmk | checkmk | 1.6.0 | |
| checkmk | checkmk | 1.6.0 | |
| checkmk | checkmk | 1.6.0 | |
| tribe29 | checkmk | 1.6.0b10 | |
| tribe29 | checkmk | 1.6.0b11 | |
| tribe29 | checkmk | 1.6.0p10 | |
| tribe29 | checkmk | 1.6.0p17 | |
| tribe29 | checkmk | 1.6.0p18 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:checkmk:checkmk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52593590-1B3F-497C-B1CA-B2395CC7F5FD",
"versionEndExcluding": "1.6.0",
"versionStartIncluding": "1.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5D63367A-3B90-462E-B6AD-1CB5721FD45E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "E5E2E954-B3C3-4CC0-B2C8-0E2BEEC93016",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:b10:*:*:*:*:*:*",
"matchCriteriaId": "1638594A-84F1-44F6-BB30-D4CC73ECDA38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:b12:*:*:*:*:*:*",
"matchCriteriaId": "7B2757BF-E3B7-487A-8929-0208D3B0D3CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:b3:*:*:*:*:*:*",
"matchCriteriaId": "F01E79D2-EFA4-4A7E-A286-3E86F52B429D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:b4:*:*:*:*:*:*",
"matchCriteriaId": "D12A6070-0542-4293-AE13-85D4E81E1672",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:b5:*:*:*:*:*:*",
"matchCriteriaId": "6AF633FE-DE7C-4548-9ED2-880E915FC33C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:b9:*:*:*:*:*:*",
"matchCriteriaId": "F15190EF-E3F5-4AD1-B748-C0E63C8CB741",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "30F84B89-7EC6-44E6-A164-4C170379D55C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p10:*:*:*:*:*:*",
"matchCriteriaId": "DDA94D2F-F27C-4DF6-84AE-8ED1BBC7F61E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p11:*:*:*:*:*:*",
"matchCriteriaId": "71CF8EFD-17F6-4D9A-961A-4B949A6C8B61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p12:*:*:*:*:*:*",
"matchCriteriaId": "B04DC2A8-CF05-4FB2-AE2F-AE07943B998D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p13:*:*:*:*:*:*",
"matchCriteriaId": "1F3BECA6-983C-436E-A635-4E1FB9080E56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p14:*:*:*:*:*:*",
"matchCriteriaId": "51A9A2B4-3693-490A-94E2-64E1DB795646",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p15:*:*:*:*:*:*",
"matchCriteriaId": "C14AB385-8A9F-46FA-A1C5-4A4A45C1B7F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p16:*:*:*:*:*:*",
"matchCriteriaId": "EC41CC5F-F088-4E65-B076-35665F0F6C7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p19:*:*:*:*:*:*",
"matchCriteriaId": "EC636B76-B050-4B73-A524-21862B020797",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p2:*:*:*:*:*:*",
"matchCriteriaId": "D49B1D63-8FDD-45FD-99F0-AA9E4FBCCB00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p20:*:*:*:*:*:*",
"matchCriteriaId": "8AFA4AF4-8395-4BBB-BA78-7116AC1DCDE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p21:*:*:*:*:*:*",
"matchCriteriaId": "5565C1C5-5C23-4449-AB87-49A304382387",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p22:*:*:*:*:*:*",
"matchCriteriaId": "78320525-F346-4419-81E3-4A47BD17C808",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p23:*:*:*:*:*:*",
"matchCriteriaId": "EA91018D-DA38-4026-9F47-383F16C85031",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p24:*:*:*:*:*:*",
"matchCriteriaId": "E8DBEF67-A9AE-46D5-89D0-076CDB1AA06A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p25:*:*:*:*:*:*",
"matchCriteriaId": "63E87316-1CB2-4CF4-B379-4284C8C39053",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p3:*:*:*:*:*:*",
"matchCriteriaId": "9CCE5845-1B77-4E97-B508-41400F4E1F31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p4:*:*:*:*:*:*",
"matchCriteriaId": "3FCED94F-7683-40FE-B511-F1F49CDD1F73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p5:*:*:*:*:*:*",
"matchCriteriaId": "0C4E70EC-3D46-40CE-AD59-597EFD721014",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p6:*:*:*:*:*:*",
"matchCriteriaId": "12E695A8-9A1E-4D7A-AB3B-AAC2CF777773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p7:*:*:*:*:*:*",
"matchCriteriaId": "653632A8-E700-404A-ADB2-B3A50253ECB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p8:*:*:*:*:*:*",
"matchCriteriaId": "60733789-DDA3-4819-A9F1-70B76AC715CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p9:*:*:*:*:*:*",
"matchCriteriaId": "D90DBA66-EF97-4CE9-AD4C-3A82F70D2250",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0b10:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE29788-9815-47C5-88CC-039E82348482",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0b11:*:*:*:*:*:*:*",
"matchCriteriaId": "AF943CDA-131A-4951-9281-C0F7711C511B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0p10:*:*:*:*:*:*:*",
"matchCriteriaId": "2FA770FD-D758-4590-9A6E-5A87E137C53E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0p17:*:*:*:*:*:*:*",
"matchCriteriaId": "6786541D-CB3B-432D-8D0F-05178237FE4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0p18:*:*:*:*:*:*:*",
"matchCriteriaId": "E668FDEE-6503-4FF5-BA24-DD84180CB38A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CheckMK Raw Edition software (versions 1.5.0 to 1.6.0) does not sanitise the input of a web service parameter that is in an unauthenticated zone. This Reflected XSS allows an attacker to open a backdoor on the device with HTML content and interpreted by the browser (such as JavaScript or other client-side scripts) or to steal the session cookies of a user who has previously authenticated via a man in the middle. Successful exploitation requires access to the web service resource without authentication."
},
{
"lang": "es",
"value": "El software CheckMK Raw Edition (versiones 1.5.0 a 1.6.0) no sanea la entrada de un par\u00e1metro de servicio web que est\u00e1 en una zona no autenticada. Este ataque de tipo XSS reflejado permite a un atacante abrir una puerta trasera en el dispositivo con contenido HTML e interpretado por el navegador (como JavaScript u otros scripts del lado del cliente) o robar las cookies de sesi\u00f3n de un usuario que se haya autenticado previamente por medio de un ataque de tipo man in the middle. Una explotaci\u00f3n con \u00e9xito requiere el acceso al recurso del servicio web sin autenticaci\u00f3n"
}
],
"id": "CVE-2021-40906",
"lastModified": "2024-11-21T06:25:04.797",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-25T23:15:08.287",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "http://checkmk.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/Edgarloyola/CVE-2021-40906"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "http://checkmk.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/Edgarloyola/CVE-2021-40906"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-03-25 23:15
Modified
2024-11-21 06:25
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
The web management console of CheckMK Enterprise Edition (versions 1.5.0 to 2.0.0p9) does not properly sanitise the uploading of ".mkp" files, which are Extension Packages, making remote code execution possible. Successful exploitation requires access to the web management interface, either with valid credentials or with a hijacked session of a user with administrator role. NOTE: the vendor states that this is the intended behavior: admins are supposed to be able to execute code in this manner
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://checkmk.com | Product | |
| cve@mitre.org | https://github.com/Edgarloyola/CVE-2021-40905 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://checkmk.com | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Edgarloyola/CVE-2021-40905 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| checkmk | checkmk | 2.0.0 | |
| checkmk | checkmk | 2.0.0 | |
| checkmk | checkmk | 2.0.0 | |
| checkmk | checkmk | 2.0.0 | |
| checkmk | checkmk | 2.0.0 | |
| checkmk | checkmk | 2.0.0 | |
| checkmk | checkmk | 2.0.0 | |
| checkmk | checkmk | 2.0.0 | |
| checkmk | checkmk | 2.0.0 | |
| checkmk | checkmk | 2.0.0 | |
| checkmk | checkmk | 2.0.0 | |
| checkmk | checkmk | 2.0.0 | |
| checkmk | checkmk | 2.0.0 | |
| checkmk | checkmk | 2.0.0 | |
| checkmk | checkmk | 2.0.0 | |
| checkmk | checkmk | 2.0.0 | |
| checkmk | checkmk | 2.0.0 | |
| checkmk | checkmk | 2.0.0 | |
| checkmk | checkmk | 2.0.0 | |
| checkmk | checkmk | 2.0.0 | |
| checkmk | checkmk | 2.0.0 | |
| checkmk | checkmk | 2.0.0 | |
| checkmk | checkmk | 2.0.0 | |
| checkmk | checkmk | 2.0.0 | |
| checkmk | checkmk | 2.0.0 | |
| checkmk | checkmk | 2.0.0 | |
| checkmk | checkmk | 2.0.0 | |
| tribe29 | checkmk | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F8EDFDCA-0778-4540-B1D5-D3A986258028",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "54031390-D7E7-4A14-AA2F-923768B3685F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b2:*:*:*:*:*:*",
"matchCriteriaId": "F1B7E35F-5A07-424E-AA09-AC54104D612B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b3:*:*:*:*:*:*",
"matchCriteriaId": "8D4AC302-C8F5-4A2B-A73A-982D0AA2495A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b4:*:*:*:*:*:*",
"matchCriteriaId": "7A058C71-C39E-4109-B570-4A061013D033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b5:*:*:*:*:*:*",
"matchCriteriaId": "22BCFA79-B3D6-4FFF-A3D3-8C4C97AF17C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b6:*:*:*:*:*:*",
"matchCriteriaId": "2A1703D9-8EEB-432D-90E2-F847CDC4C204",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b7:*:*:*:*:*:*",
"matchCriteriaId": "1A4C72BA-6D78-4911-83E4-4DABB2CAC47F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b8:*:*:*:*:*:*",
"matchCriteriaId": "081FD127-1066-4019-B521-9FADB85DBD4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:i1:*:*:*:*:*:*",
"matchCriteriaId": "C1A4F005-4823-4B2B-B4EF-4EFDB04CFB9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "357240B1-F0DA-4FA8-B782-D998951F4B54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p10:*:*:*:*:*:*",
"matchCriteriaId": "2F828F54-04E2-4B98-91A7-B09ED833E88B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p11:*:*:*:*:*:*",
"matchCriteriaId": "A4B8B300-8264-40AB-A839-7EACB988163B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p12:*:*:*:*:*:*",
"matchCriteriaId": "EB76A8DF-C870-482F-A488-DB2917ABD971",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p13:*:*:*:*:*:*",
"matchCriteriaId": "04947B1B-CF67-4C11-8FE3-6C17FD35E2EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p14:*:*:*:*:*:*",
"matchCriteriaId": "591AEC3C-2F48-4E91-9881-42EEDD039C5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p15:*:*:*:*:*:*",
"matchCriteriaId": "C5CA04C8-2C80-4C7E-B329-3FFCBEDEE663",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p16:*:*:*:*:*:*",
"matchCriteriaId": "47A1C5AC-C8B7-495A-A5F4-CD4790358A2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p17:*:*:*:*:*:*",
"matchCriteriaId": "B87D8B46-5B04-460D-BBA1-BB19234DA19D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p2:*:*:*:*:*:*",
"matchCriteriaId": "F1E5549E-3272-478D-85D0-6F53EE731183",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p3:*:*:*:*:*:*",
"matchCriteriaId": "D884D3AF-7D57-4DF6-82E8-556C35319ED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p4:*:*:*:*:*:*",
"matchCriteriaId": "528BAFA3-ED39-45B5-8C81-A6FD76DDB49B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p5:*:*:*:*:*:*",
"matchCriteriaId": "02DA7C50-7360-4679-93A5-92C8DC5E8E46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p6:*:*:*:*:*:*",
"matchCriteriaId": "71B49D90-9522-46C6-8948-B9C21CEA473C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p7:*:*:*:*:*:*",
"matchCriteriaId": "98C29296-D1F3-45A2-BF0A-22333150F416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p8:*:*:*:*:*:*",
"matchCriteriaId": "339226E6-532F-4FE2-A543-6B166A9BA7F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p9:*:*:*:*:*:*",
"matchCriteriaId": "986FDFA6-BE12-4268-9B90-F7D469BBE517",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "564469A7-7D79-40BF-9177-2D95D502AD2F",
"versionEndExcluding": "2.0.0",
"versionStartIncluding": "1.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The web management console of CheckMK Enterprise Edition (versions 1.5.0 to 2.0.0p9) does not properly sanitise the uploading of \".mkp\" files, which are Extension Packages, making remote code execution possible. Successful exploitation requires access to the web management interface, either with valid credentials or with a hijacked session of a user with administrator role. NOTE: the vendor states that this is the intended behavior: admins are supposed to be able to execute code in this manner"
},
{
"lang": "es",
"value": "** EN DISTPUTA ** La consola de administraci\u00f3n web de CheckMK Enterprise Edition (versiones 1.5.0 a 2.0.0p9) no sanea correctamente la carga de archivos \".mkp\", que son Paquetes de Extensi\u00f3n, haciendo posible una ejecuci\u00f3n de c\u00f3digo remota. Una explotaci\u00f3n con \u00e9xito requiere el acceso a la interfaz de administraci\u00f3n web, ya sea con credenciales v\u00e1lidas o con una sesi\u00f3n secuestrada de un usuario con rol de administrador. NOTA: el proveedor afirma que este es el comportamiento previsto: se supone que los administradores pueden ejecutar c\u00f3digo de esta manera"
}
],
"id": "CVE-2021-40905",
"lastModified": "2024-11-21T06:25:04.480",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-03-25T23:15:08.237",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "http://checkmk.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Edgarloyola/CVE-2021-40905"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "http://checkmk.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Edgarloyola/CVE-2021-40905"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-05-20 23:15
Modified
2024-11-21 07:04
Severity ?
8.2 (High) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
In Checkmk before 1.6.0p29, 2.x before 2.0.0p25, and 2.1.x before 2.1.0b10, a site user can escalate to root by editing an OMD hook symlink.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://checkmk.com/werk/13902 | Vendor Advisory | |
| cve@mitre.org | https://forum.checkmk.com/c/announcements/18 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://checkmk.com/werk/13902 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.checkmk.com/c/announcements/18 | Release Notes, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:checkmk:checkmk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "706DB623-2336-4C3A-8393-CC7C1C71A1F0",
"versionEndExcluding": "1.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "E5E2E954-B3C3-4CC0-B2C8-0E2BEEC93016",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:b10:*:*:*:*:*:*",
"matchCriteriaId": "1638594A-84F1-44F6-BB30-D4CC73ECDA38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:b12:*:*:*:*:*:*",
"matchCriteriaId": "7B2757BF-E3B7-487A-8929-0208D3B0D3CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:b3:*:*:*:*:*:*",
"matchCriteriaId": "F01E79D2-EFA4-4A7E-A286-3E86F52B429D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:b4:*:*:*:*:*:*",
"matchCriteriaId": "D12A6070-0542-4293-AE13-85D4E81E1672",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:b5:*:*:*:*:*:*",
"matchCriteriaId": "6AF633FE-DE7C-4548-9ED2-880E915FC33C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:b9:*:*:*:*:*:*",
"matchCriteriaId": "F15190EF-E3F5-4AD1-B748-C0E63C8CB741",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "30F84B89-7EC6-44E6-A164-4C170379D55C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p10:*:*:*:*:*:*",
"matchCriteriaId": "DDA94D2F-F27C-4DF6-84AE-8ED1BBC7F61E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p11:*:*:*:*:*:*",
"matchCriteriaId": "71CF8EFD-17F6-4D9A-961A-4B949A6C8B61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p12:*:*:*:*:*:*",
"matchCriteriaId": "B04DC2A8-CF05-4FB2-AE2F-AE07943B998D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p13:*:*:*:*:*:*",
"matchCriteriaId": "1F3BECA6-983C-436E-A635-4E1FB9080E56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p14:*:*:*:*:*:*",
"matchCriteriaId": "51A9A2B4-3693-490A-94E2-64E1DB795646",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p15:*:*:*:*:*:*",
"matchCriteriaId": "C14AB385-8A9F-46FA-A1C5-4A4A45C1B7F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p16:*:*:*:*:*:*",
"matchCriteriaId": "EC41CC5F-F088-4E65-B076-35665F0F6C7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p19:*:*:*:*:*:*",
"matchCriteriaId": "EC636B76-B050-4B73-A524-21862B020797",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p2:*:*:*:*:*:*",
"matchCriteriaId": "D49B1D63-8FDD-45FD-99F0-AA9E4FBCCB00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p20:*:*:*:*:*:*",
"matchCriteriaId": "8AFA4AF4-8395-4BBB-BA78-7116AC1DCDE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p21:*:*:*:*:*:*",
"matchCriteriaId": "5565C1C5-5C23-4449-AB87-49A304382387",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p22:*:*:*:*:*:*",
"matchCriteriaId": "78320525-F346-4419-81E3-4A47BD17C808",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p23:*:*:*:*:*:*",
"matchCriteriaId": "EA91018D-DA38-4026-9F47-383F16C85031",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p24:*:*:*:*:*:*",
"matchCriteriaId": "E8DBEF67-A9AE-46D5-89D0-076CDB1AA06A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p25:*:*:*:*:*:*",
"matchCriteriaId": "63E87316-1CB2-4CF4-B379-4284C8C39053",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p26:*:*:*:*:*:*",
"matchCriteriaId": "75925C19-FBF4-4908-B8AD-E19E13B665DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p27:*:*:*:*:*:*",
"matchCriteriaId": "66FC7193-674F-42AA-8064-93786B5474C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p28:*:*:*:*:*:*",
"matchCriteriaId": "94BBC4B2-8AE6-4CCC-B194-5A4F9335AA84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p3:*:*:*:*:*:*",
"matchCriteriaId": "9CCE5845-1B77-4E97-B508-41400F4E1F31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p4:*:*:*:*:*:*",
"matchCriteriaId": "3FCED94F-7683-40FE-B511-F1F49CDD1F73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p5:*:*:*:*:*:*",
"matchCriteriaId": "0C4E70EC-3D46-40CE-AD59-597EFD721014",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p6:*:*:*:*:*:*",
"matchCriteriaId": "12E695A8-9A1E-4D7A-AB3B-AAC2CF777773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p7:*:*:*:*:*:*",
"matchCriteriaId": "653632A8-E700-404A-ADB2-B3A50253ECB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p8:*:*:*:*:*:*",
"matchCriteriaId": "60733789-DDA3-4819-A9F1-70B76AC715CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p9:*:*:*:*:*:*",
"matchCriteriaId": "D90DBA66-EF97-4CE9-AD4C-3A82F70D2250",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F8EDFDCA-0778-4540-B1D5-D3A986258028",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "54031390-D7E7-4A14-AA2F-923768B3685F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b2:*:*:*:*:*:*",
"matchCriteriaId": "F1B7E35F-5A07-424E-AA09-AC54104D612B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b3:*:*:*:*:*:*",
"matchCriteriaId": "8D4AC302-C8F5-4A2B-A73A-982D0AA2495A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b4:*:*:*:*:*:*",
"matchCriteriaId": "7A058C71-C39E-4109-B570-4A061013D033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b5:*:*:*:*:*:*",
"matchCriteriaId": "22BCFA79-B3D6-4FFF-A3D3-8C4C97AF17C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b6:*:*:*:*:*:*",
"matchCriteriaId": "2A1703D9-8EEB-432D-90E2-F847CDC4C204",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b7:*:*:*:*:*:*",
"matchCriteriaId": "1A4C72BA-6D78-4911-83E4-4DABB2CAC47F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b8:*:*:*:*:*:*",
"matchCriteriaId": "081FD127-1066-4019-B521-9FADB85DBD4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:i1:*:*:*:*:*:*",
"matchCriteriaId": "C1A4F005-4823-4B2B-B4EF-4EFDB04CFB9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "357240B1-F0DA-4FA8-B782-D998951F4B54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p10:*:*:*:*:*:*",
"matchCriteriaId": "2F828F54-04E2-4B98-91A7-B09ED833E88B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p11:*:*:*:*:*:*",
"matchCriteriaId": "A4B8B300-8264-40AB-A839-7EACB988163B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p12:*:*:*:*:*:*",
"matchCriteriaId": "EB76A8DF-C870-482F-A488-DB2917ABD971",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p13:*:*:*:*:*:*",
"matchCriteriaId": "04947B1B-CF67-4C11-8FE3-6C17FD35E2EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p14:*:*:*:*:*:*",
"matchCriteriaId": "591AEC3C-2F48-4E91-9881-42EEDD039C5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p15:*:*:*:*:*:*",
"matchCriteriaId": "C5CA04C8-2C80-4C7E-B329-3FFCBEDEE663",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p16:*:*:*:*:*:*",
"matchCriteriaId": "47A1C5AC-C8B7-495A-A5F4-CD4790358A2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p17:*:*:*:*:*:*",
"matchCriteriaId": "B87D8B46-5B04-460D-BBA1-BB19234DA19D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p18:*:*:*:*:*:*",
"matchCriteriaId": "C59EA30A-0B7D-4E58-A503-8C2F16B45004",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p19:*:*:*:*:*:*",
"matchCriteriaId": "F2849E4C-09D1-48A5-B28E-F7A4CD3E8967",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p2:*:*:*:*:*:*",
"matchCriteriaId": "F1E5549E-3272-478D-85D0-6F53EE731183",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p20:*:*:*:*:*:*",
"matchCriteriaId": "CD0EA35B-EBFF-4E6F-BD2E-4BE165E81A3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p21:*:*:*:*:*:*",
"matchCriteriaId": "3F2C76F2-D457-4C7C-BE76-515CA45CA161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p22:*:*:*:*:*:*",
"matchCriteriaId": "0E5A374E-56C5-4EBA-967C-CDFE6A967DFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p23:*:*:*:*:*:*",
"matchCriteriaId": "7D4568F0-8CCD-4517-B4E9-7E2CA228D659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p24:*:*:*:*:*:*",
"matchCriteriaId": "96893FF5-B85E-45AF-9020-5D767E954D6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p3:*:*:*:*:*:*",
"matchCriteriaId": "D884D3AF-7D57-4DF6-82E8-556C35319ED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p4:*:*:*:*:*:*",
"matchCriteriaId": "528BAFA3-ED39-45B5-8C81-A6FD76DDB49B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p5:*:*:*:*:*:*",
"matchCriteriaId": "02DA7C50-7360-4679-93A5-92C8DC5E8E46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p6:*:*:*:*:*:*",
"matchCriteriaId": "71B49D90-9522-46C6-8948-B9C21CEA473C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p7:*:*:*:*:*:*",
"matchCriteriaId": "98C29296-D1F3-45A2-BF0A-22333150F416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p8:*:*:*:*:*:*",
"matchCriteriaId": "339226E6-532F-4FE2-A543-6B166A9BA7F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p9:*:*:*:*:*:*",
"matchCriteriaId": "986FDFA6-BE12-4268-9B90-F7D469BBE517",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "1E6FCE7B-7ECE-42A4-82C5-12A647B0CCC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b2:*:*:*:*:*:*",
"matchCriteriaId": "923AA113-D5E7-4F78-88BA-B72EF250F3EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b3:*:*:*:*:*:*",
"matchCriteriaId": "B1984F57-A313-48AC-B8F9-F352D82824D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b4:*:*:*:*:*:*",
"matchCriteriaId": "A38DB527-72A6-40B8-B46F-B8E78BFFDB1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b5:*:*:*:*:*:*",
"matchCriteriaId": "67643E11-91A1-4580-BC4C-574074C862CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b6:*:*:*:*:*:*",
"matchCriteriaId": "350B7E0F-D234-4D7C-91E4-F35E73579A24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b7:*:*:*:*:*:*",
"matchCriteriaId": "DE58ACA9-8078-46A7-8487-C06E4E38F372",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b8:*:*:*:*:*:*",
"matchCriteriaId": "B3D8CF4D-E1F8-4D8D-A8A9-1783CAC869E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b9:*:*:*:*:*:*",
"matchCriteriaId": "58B0B051-7D3C-4EC7-96B0-38A1CC108D61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0b10:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE29788-9815-47C5-88CC-039E82348482",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0b11:*:*:*:*:*:*:*",
"matchCriteriaId": "AF943CDA-131A-4951-9281-C0F7711C511B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0p10:*:*:*:*:*:*:*",
"matchCriteriaId": "2FA770FD-D758-4590-9A6E-5A87E137C53E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0p11:*:*:*:*:*:*:*",
"matchCriteriaId": "B75CFABF-93B3-46C4-A78E-5E160FB2D9A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0p12:*:*:*:*:*:*:*",
"matchCriteriaId": "EA90BF5B-3277-422C-A8AF-1562903970D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0p13:*:*:*:*:*:*:*",
"matchCriteriaId": "DE41BD2C-203A-4482-9FFB-E2116E222100",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0p14:*:*:*:*:*:*:*",
"matchCriteriaId": "ECB3F23B-1D5C-4299-8F07-0B371C9803E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0p15:*:*:*:*:*:*:*",
"matchCriteriaId": "C6EBDA72-FB06-40DE-9116-44F4BC3BB5E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0p16:*:*:*:*:*:*:*",
"matchCriteriaId": "9BF55580-2393-4DC6-88F5-9B0C6797FD21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0p17:*:*:*:*:*:*:*",
"matchCriteriaId": "6786541D-CB3B-432D-8D0F-05178237FE4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0p18:*:*:*:*:*:*:*",
"matchCriteriaId": "E668FDEE-6503-4FF5-BA24-DD84180CB38A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Checkmk before 1.6.0p29, 2.x before 2.0.0p25, and 2.1.x before 2.1.0b10, a site user can escalate to root by editing an OMD hook symlink."
},
{
"lang": "es",
"value": "En Checkmk versiones anteriores a 1.6.0p29, 2.x anteriores a 2.0.0p25, y 2.1.x anteriores a 2.1.0b10, un usuario del sitio puede escalar a root editando un enlace simb\u00f3lico del hook OMD"
}
],
"id": "CVE-2022-31258",
"lastModified": "2024-11-21T07:04:14.367",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.5,
"impactScore": 6.0,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-20T23:15:45.277",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://checkmk.com/werk/13902"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://forum.checkmk.com/c/announcements/18"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://checkmk.com/werk/13902"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://forum.checkmk.com/c/announcements/18"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-05-17 16:15
Modified
2024-11-21 07:44
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
Improper Authorization in RestAPI in Checkmk GmbH's Checkmk versions <2.1.0p28 and <2.2.0b8 allows remote authenticated users to read arbitrary host_configs.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@checkmk.com | https://checkmk.com/werk/13982 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://checkmk.com/werk/13982 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "1AE224D8-742B-4D1F-ABBE-3DDA3EA5C5AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "1E6FCE7B-7ECE-42A4-82C5-12A647B0CCC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b2:*:*:*:*:*:*",
"matchCriteriaId": "923AA113-D5E7-4F78-88BA-B72EF250F3EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b3:*:*:*:*:*:*",
"matchCriteriaId": "B1984F57-A313-48AC-B8F9-F352D82824D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b4:*:*:*:*:*:*",
"matchCriteriaId": "A38DB527-72A6-40B8-B46F-B8E78BFFDB1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b5:*:*:*:*:*:*",
"matchCriteriaId": "67643E11-91A1-4580-BC4C-574074C862CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b6:*:*:*:*:*:*",
"matchCriteriaId": "350B7E0F-D234-4D7C-91E4-F35E73579A24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b7:*:*:*:*:*:*",
"matchCriteriaId": "DE58ACA9-8078-46A7-8487-C06E4E38F372",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b8:*:*:*:*:*:*",
"matchCriteriaId": "B3D8CF4D-E1F8-4D8D-A8A9-1783CAC869E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b9:*:*:*:*:*:*",
"matchCriteriaId": "58B0B051-7D3C-4EC7-96B0-38A1CC108D61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "B783A741-AAF2-43EE-8272-9239133A01E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p10:*:*:*:*:*:*",
"matchCriteriaId": "A5F275A3-A99E-40E1-BD77-694FA568541F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p11:*:*:*:*:*:*",
"matchCriteriaId": "3A44BF1A-5BE0-4412-B51D-055445758B61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p12:*:*:*:*:*:*",
"matchCriteriaId": "A31BAE94-9096-4320-AC19-AA204E8EC08D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p13:*:*:*:*:*:*",
"matchCriteriaId": "1B0784EA-98E8-4490-B97B-894F188A223D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p14:*:*:*:*:*:*",
"matchCriteriaId": "A56A901F-1040-4DB9-9BE3-FE1999C514CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p15:*:*:*:*:*:*",
"matchCriteriaId": "58A904FC-C015-469D-8502-E678D5FDBD06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p16:*:*:*:*:*:*",
"matchCriteriaId": "1B5D109C-60AA-4FA4-9B10-2191AAF109F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p17:*:*:*:*:*:*",
"matchCriteriaId": "37297866-24BB-4044-8744-EC0A8C29F152",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p18:*:*:*:*:*:*",
"matchCriteriaId": "F9D4A171-CCB3-43B8-8B70-78610423E7C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p19:*:*:*:*:*:*",
"matchCriteriaId": "5E1145FF-426D-407C-9F4B-EF773BD191EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p2:*:*:*:*:*:*",
"matchCriteriaId": "4DA8F776-A724-48FC-B7EF-13788BC69753",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p20:*:*:*:*:*:*",
"matchCriteriaId": "46F42A22-99F2-4DF5-9B00-3123396F87AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p21:*:*:*:*:*:*",
"matchCriteriaId": "1C59D4D3-D526-4E6B-B3AA-FE485D030190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p22:*:*:*:*:*:*",
"matchCriteriaId": "65E5CAE6-DC8B-47B3-84A0-D79B0C33EB45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p23:*:*:*:*:*:*",
"matchCriteriaId": "8B9E0D89-79E2-476A-8A3E-8443316BC310",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p24:*:*:*:*:*:*",
"matchCriteriaId": "38EA0591-C30B-4102-8A06-1B922FD3A0C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p25:*:*:*:*:*:*",
"matchCriteriaId": "5E9AF0D3-8DD6-4EC7-BB33-54401D4025FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p26:*:*:*:*:*:*",
"matchCriteriaId": "983604CC-DD2C-42A9-8B9D-A9A261CE8BA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p27:*:*:*:*:*:*",
"matchCriteriaId": "224960F7-695C-415B-B991-E8C01859AA80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p3:*:*:*:*:*:*",
"matchCriteriaId": "076463AA-195F-4CD6-861B-72FE1C8A407F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p4:*:*:*:*:*:*",
"matchCriteriaId": "63043834-98E5-47C2-91F1-41B98270ABCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p5:*:*:*:*:*:*",
"matchCriteriaId": "FCF745D0-2EA6-4414-90BC-99D3ED08BB01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p6:*:*:*:*:*:*",
"matchCriteriaId": "4823087F-D7FA-4594-8FD3-412DE5EA1F02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p7:*:*:*:*:*:*",
"matchCriteriaId": "6429F9CE-D477-4CFF-B6E0-4BF11B61ED0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p8:*:*:*:*:*:*",
"matchCriteriaId": "A50C58F9-94ED-4D85-8331-2D81F8E0760A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p9:*:*:*:*:*:*",
"matchCriteriaId": "9A6AC0BD-FB65-4FAA-B344-66F87F16F8B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "B068974F-6F67-4CBB-B567-FCED86E28F22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b2:*:*:*:*:*:*",
"matchCriteriaId": "EA70F36A-EEF6-48DC-B15E-055D0DE8A052",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b3:*:*:*:*:*:*",
"matchCriteriaId": "B2017F38-38DB-4E96-B34F-160BC731CBBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b4:*:*:*:*:*:*",
"matchCriteriaId": "0949F399-371B-409C-AF9F-32690D881440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b5:*:*:*:*:*:*",
"matchCriteriaId": "42E1E31A-B5CC-45F2-A2E5-3EEF735499BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b6:*:*:*:*:*:*",
"matchCriteriaId": "4B364FCA-500C-458E-B997-82CD0B1D24F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b7:*:*:*:*:*:*",
"matchCriteriaId": "0B32E657-917B-482B-B6A4-3D3746992A4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F8909212-9DCE-4B14-A240-5CDA98CFDC6E",
"versionEndExcluding": "2.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Authorization in RestAPI in Checkmk GmbH\u0027s Checkmk versions \u003c2.1.0p28 and \u003c2.2.0b8 allows remote authenticated users to read arbitrary host_configs."
}
],
"id": "CVE-2023-22348",
"lastModified": "2024-11-21T07:44:36.460",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "security@checkmk.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-17T16:15:09.110",
"references": [
{
"source": "security@checkmk.com",
"tags": [
"Vendor Advisory"
],
"url": "https://checkmk.com/werk/13982"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://checkmk.com/werk/13982"
}
],
"sourceIdentifier": "security@checkmk.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-285"
}
],
"source": "security@checkmk.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-10 09:15
Modified
2024-11-21 08:01
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Improper neutralization of active check command arguments in Checkmk < 2.1.0p32, < 2.0.0p38, < 2.2.0p4 leads to arbitrary command execution for authenticated users.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@checkmk.com | https://checkmk.com/werk/15194 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://checkmk.com/werk/15194 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F8EDFDCA-0778-4540-B1D5-D3A986258028",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "54031390-D7E7-4A14-AA2F-923768B3685F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b2:*:*:*:*:*:*",
"matchCriteriaId": "F1B7E35F-5A07-424E-AA09-AC54104D612B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b3:*:*:*:*:*:*",
"matchCriteriaId": "8D4AC302-C8F5-4A2B-A73A-982D0AA2495A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b4:*:*:*:*:*:*",
"matchCriteriaId": "7A058C71-C39E-4109-B570-4A061013D033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b5:*:*:*:*:*:*",
"matchCriteriaId": "22BCFA79-B3D6-4FFF-A3D3-8C4C97AF17C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b6:*:*:*:*:*:*",
"matchCriteriaId": "2A1703D9-8EEB-432D-90E2-F847CDC4C204",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b7:*:*:*:*:*:*",
"matchCriteriaId": "1A4C72BA-6D78-4911-83E4-4DABB2CAC47F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b8:*:*:*:*:*:*",
"matchCriteriaId": "081FD127-1066-4019-B521-9FADB85DBD4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:i1:*:*:*:*:*:*",
"matchCriteriaId": "C1A4F005-4823-4B2B-B4EF-4EFDB04CFB9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "357240B1-F0DA-4FA8-B782-D998951F4B54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p10:*:*:*:*:*:*",
"matchCriteriaId": "2F828F54-04E2-4B98-91A7-B09ED833E88B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p11:*:*:*:*:*:*",
"matchCriteriaId": "A4B8B300-8264-40AB-A839-7EACB988163B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p12:*:*:*:*:*:*",
"matchCriteriaId": "EB76A8DF-C870-482F-A488-DB2917ABD971",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p13:*:*:*:*:*:*",
"matchCriteriaId": "04947B1B-CF67-4C11-8FE3-6C17FD35E2EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p14:*:*:*:*:*:*",
"matchCriteriaId": "591AEC3C-2F48-4E91-9881-42EEDD039C5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p15:*:*:*:*:*:*",
"matchCriteriaId": "C5CA04C8-2C80-4C7E-B329-3FFCBEDEE663",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p16:*:*:*:*:*:*",
"matchCriteriaId": "47A1C5AC-C8B7-495A-A5F4-CD4790358A2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p17:*:*:*:*:*:*",
"matchCriteriaId": "B87D8B46-5B04-460D-BBA1-BB19234DA19D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p18:*:*:*:*:*:*",
"matchCriteriaId": "C59EA30A-0B7D-4E58-A503-8C2F16B45004",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p19:*:*:*:*:*:*",
"matchCriteriaId": "F2849E4C-09D1-48A5-B28E-F7A4CD3E8967",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p2:*:*:*:*:*:*",
"matchCriteriaId": "F1E5549E-3272-478D-85D0-6F53EE731183",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p20:*:*:*:*:*:*",
"matchCriteriaId": "CD0EA35B-EBFF-4E6F-BD2E-4BE165E81A3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p21:*:*:*:*:*:*",
"matchCriteriaId": "3F2C76F2-D457-4C7C-BE76-515CA45CA161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p22:*:*:*:*:*:*",
"matchCriteriaId": "0E5A374E-56C5-4EBA-967C-CDFE6A967DFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p23:*:*:*:*:*:*",
"matchCriteriaId": "7D4568F0-8CCD-4517-B4E9-7E2CA228D659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p24:*:*:*:*:*:*",
"matchCriteriaId": "96893FF5-B85E-45AF-9020-5D767E954D6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p25:*:*:*:*:*:*",
"matchCriteriaId": "425ABB56-3A2E-40E3-9701-E638F16E6ADD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p26:*:*:*:*:*:*",
"matchCriteriaId": "9EEF6054-B3B5-4AAC-B24B-147A38564992",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p27:*:*:*:*:*:*",
"matchCriteriaId": "462C2826-237E-4061-8F14-3DE09CE9952C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p28:*:*:*:*:*:*",
"matchCriteriaId": "8DE8F008-1FC0-416C-B0D4-5A560CF985F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p29:*:*:*:*:*:*",
"matchCriteriaId": "53AA0AB2-E814-4378-9486-D9192293C1DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p3:*:*:*:*:*:*",
"matchCriteriaId": "D884D3AF-7D57-4DF6-82E8-556C35319ED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p30:*:*:*:*:*:*",
"matchCriteriaId": "2F6A123B-D6D3-4C46-9595-4D8138FC31C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p31:*:*:*:*:*:*",
"matchCriteriaId": "4245029F-D95D-4364-BB29-8C60F5461070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p32:*:*:*:*:*:*",
"matchCriteriaId": "C67473D2-A96B-4ACD-B248-A0AF2E3C9738",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p33:*:*:*:*:*:*",
"matchCriteriaId": "B22FDFE4-844F-449B-88D7-E7EDC92EC752",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p34:*:*:*:*:*:*",
"matchCriteriaId": "01D13D8E-61F2-406C-8EE5-FDDD9BDCCF71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p35:*:*:*:*:*:*",
"matchCriteriaId": "CA0DCBEB-CAED-4A39-B700-64311E7742DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p36:*:*:*:*:*:*",
"matchCriteriaId": "0D8C138E-C8C2-46F7-A1D6-D33562FB86BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p37:*:*:*:*:*:*",
"matchCriteriaId": "D4BE7A6A-C3BB-405A-8757-E60E2F611ACD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p4:*:*:*:*:*:*",
"matchCriteriaId": "528BAFA3-ED39-45B5-8C81-A6FD76DDB49B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p5:*:*:*:*:*:*",
"matchCriteriaId": "02DA7C50-7360-4679-93A5-92C8DC5E8E46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p6:*:*:*:*:*:*",
"matchCriteriaId": "71B49D90-9522-46C6-8948-B9C21CEA473C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p7:*:*:*:*:*:*",
"matchCriteriaId": "98C29296-D1F3-45A2-BF0A-22333150F416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p8:*:*:*:*:*:*",
"matchCriteriaId": "339226E6-532F-4FE2-A543-6B166A9BA7F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p9:*:*:*:*:*:*",
"matchCriteriaId": "986FDFA6-BE12-4268-9B90-F7D469BBE517",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "1AE224D8-742B-4D1F-ABBE-3DDA3EA5C5AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "1E6FCE7B-7ECE-42A4-82C5-12A647B0CCC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b2:*:*:*:*:*:*",
"matchCriteriaId": "923AA113-D5E7-4F78-88BA-B72EF250F3EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b3:*:*:*:*:*:*",
"matchCriteriaId": "B1984F57-A313-48AC-B8F9-F352D82824D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b4:*:*:*:*:*:*",
"matchCriteriaId": "A38DB527-72A6-40B8-B46F-B8E78BFFDB1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b5:*:*:*:*:*:*",
"matchCriteriaId": "67643E11-91A1-4580-BC4C-574074C862CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b6:*:*:*:*:*:*",
"matchCriteriaId": "350B7E0F-D234-4D7C-91E4-F35E73579A24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b7:*:*:*:*:*:*",
"matchCriteriaId": "DE58ACA9-8078-46A7-8487-C06E4E38F372",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b8:*:*:*:*:*:*",
"matchCriteriaId": "B3D8CF4D-E1F8-4D8D-A8A9-1783CAC869E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b9:*:*:*:*:*:*",
"matchCriteriaId": "58B0B051-7D3C-4EC7-96B0-38A1CC108D61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "B783A741-AAF2-43EE-8272-9239133A01E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p10:*:*:*:*:*:*",
"matchCriteriaId": "A5F275A3-A99E-40E1-BD77-694FA568541F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p11:*:*:*:*:*:*",
"matchCriteriaId": "3A44BF1A-5BE0-4412-B51D-055445758B61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p12:*:*:*:*:*:*",
"matchCriteriaId": "A31BAE94-9096-4320-AC19-AA204E8EC08D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p13:*:*:*:*:*:*",
"matchCriteriaId": "1B0784EA-98E8-4490-B97B-894F188A223D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p14:*:*:*:*:*:*",
"matchCriteriaId": "A56A901F-1040-4DB9-9BE3-FE1999C514CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p15:*:*:*:*:*:*",
"matchCriteriaId": "58A904FC-C015-469D-8502-E678D5FDBD06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p16:*:*:*:*:*:*",
"matchCriteriaId": "1B5D109C-60AA-4FA4-9B10-2191AAF109F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p17:*:*:*:*:*:*",
"matchCriteriaId": "37297866-24BB-4044-8744-EC0A8C29F152",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p18:*:*:*:*:*:*",
"matchCriteriaId": "F9D4A171-CCB3-43B8-8B70-78610423E7C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p19:*:*:*:*:*:*",
"matchCriteriaId": "5E1145FF-426D-407C-9F4B-EF773BD191EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p2:*:*:*:*:*:*",
"matchCriteriaId": "4DA8F776-A724-48FC-B7EF-13788BC69753",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p20:*:*:*:*:*:*",
"matchCriteriaId": "46F42A22-99F2-4DF5-9B00-3123396F87AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p21:*:*:*:*:*:*",
"matchCriteriaId": "1C59D4D3-D526-4E6B-B3AA-FE485D030190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p22:*:*:*:*:*:*",
"matchCriteriaId": "65E5CAE6-DC8B-47B3-84A0-D79B0C33EB45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p23:*:*:*:*:*:*",
"matchCriteriaId": "8B9E0D89-79E2-476A-8A3E-8443316BC310",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p24:*:*:*:*:*:*",
"matchCriteriaId": "38EA0591-C30B-4102-8A06-1B922FD3A0C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p25:*:*:*:*:*:*",
"matchCriteriaId": "5E9AF0D3-8DD6-4EC7-BB33-54401D4025FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p26:*:*:*:*:*:*",
"matchCriteriaId": "983604CC-DD2C-42A9-8B9D-A9A261CE8BA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p27:*:*:*:*:*:*",
"matchCriteriaId": "224960F7-695C-415B-B991-E8C01859AA80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p28:*:*:*:*:*:*",
"matchCriteriaId": "1F6D86E4-738B-4ADA-858E-C12CCED9FAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p29:*:*:*:*:*:*",
"matchCriteriaId": "BD8EBF09-9B70-4972-85B1-82F41488BE3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p3:*:*:*:*:*:*",
"matchCriteriaId": "076463AA-195F-4CD6-861B-72FE1C8A407F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p30:*:*:*:*:*:*",
"matchCriteriaId": "009D2C7B-39B8-400F-80A5-06D56319232C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p31:*:*:*:*:*:*",
"matchCriteriaId": "3D5AEB8D-772E-401F-975C-61BDD30B481E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p4:*:*:*:*:*:*",
"matchCriteriaId": "63043834-98E5-47C2-91F1-41B98270ABCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p5:*:*:*:*:*:*",
"matchCriteriaId": "FCF745D0-2EA6-4414-90BC-99D3ED08BB01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p6:*:*:*:*:*:*",
"matchCriteriaId": "4823087F-D7FA-4594-8FD3-412DE5EA1F02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p7:*:*:*:*:*:*",
"matchCriteriaId": "6429F9CE-D477-4CFF-B6E0-4BF11B61ED0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p8:*:*:*:*:*:*",
"matchCriteriaId": "A50C58F9-94ED-4D85-8331-2D81F8E0760A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p9:*:*:*:*:*:*",
"matchCriteriaId": "9A6AC0BD-FB65-4FAA-B344-66F87F16F8B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:-:*:*:*:*:*:*",
"matchCriteriaId": "C66704F1-0B5E-4B43-8748-987022F378F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "B068974F-6F67-4CBB-B567-FCED86E28F22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b2:*:*:*:*:*:*",
"matchCriteriaId": "EA70F36A-EEF6-48DC-B15E-055D0DE8A052",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b3:*:*:*:*:*:*",
"matchCriteriaId": "B2017F38-38DB-4E96-B34F-160BC731CBBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b4:*:*:*:*:*:*",
"matchCriteriaId": "0949F399-371B-409C-AF9F-32690D881440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b5:*:*:*:*:*:*",
"matchCriteriaId": "42E1E31A-B5CC-45F2-A2E5-3EEF735499BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b6:*:*:*:*:*:*",
"matchCriteriaId": "4B364FCA-500C-458E-B997-82CD0B1D24F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b7:*:*:*:*:*:*",
"matchCriteriaId": "0B32E657-917B-482B-B6A4-3D3746992A4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b8:*:*:*:*:*:*",
"matchCriteriaId": "2119C732-E024-4DA6-8E47-9E08E5E12602",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:i1:*:*:*:*:*:*",
"matchCriteriaId": "4F0B99A8-A124-43BD-B8AA-EECC9112346F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "3FB7221E-BE9F-4529-8E07-8AD547FA3208",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p2:*:*:*:*:*:*",
"matchCriteriaId": "7BCEB6FF-668F-4313-9264-0BF021AFC45F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p3:*:*:*:*:*:*",
"matchCriteriaId": "E2342E2D-58B0-43E7-8C01-DF4678520F39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA066B19-D5EC-4BAA-A842-1E792607D51B",
"versionEndExcluding": "2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper neutralization of active check command arguments in Checkmk \u003c 2.1.0p32, \u003c 2.0.0p38, \u003c 2.2.0p4 leads to arbitrary command execution for authenticated users."
}
],
"id": "CVE-2023-31209",
"lastModified": "2024-11-21T08:01:37.683",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "security@checkmk.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-10T09:15:12.123",
"references": [
{
"source": "security@checkmk.com",
"tags": [
"Vendor Advisory"
],
"url": "https://checkmk.com/werk/15194"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://checkmk.com/werk/15194"
}
],
"sourceIdentifier": "security@checkmk.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "security@checkmk.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-01-26 21:18
Modified
2024-11-21 07:36
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Summary
Improper Input Validation of LDAP user IDs in Tribe29 Checkmk allows attackers that can control LDAP user IDs to manipulate files on the server. Checkmk <= 2.1.0p19, Checkmk <= 2.0.0p32, and all versions of Checkmk 1.6.0 (EOL) are affected.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@checkmk.com | https://checkmk.com/werk/15181 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://checkmk.com/werk/15181 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F8EDFDCA-0778-4540-B1D5-D3A986258028",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "54031390-D7E7-4A14-AA2F-923768B3685F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b2:*:*:*:*:*:*",
"matchCriteriaId": "F1B7E35F-5A07-424E-AA09-AC54104D612B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b3:*:*:*:*:*:*",
"matchCriteriaId": "8D4AC302-C8F5-4A2B-A73A-982D0AA2495A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b4:*:*:*:*:*:*",
"matchCriteriaId": "7A058C71-C39E-4109-B570-4A061013D033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b5:*:*:*:*:*:*",
"matchCriteriaId": "22BCFA79-B3D6-4FFF-A3D3-8C4C97AF17C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b6:*:*:*:*:*:*",
"matchCriteriaId": "2A1703D9-8EEB-432D-90E2-F847CDC4C204",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b7:*:*:*:*:*:*",
"matchCriteriaId": "1A4C72BA-6D78-4911-83E4-4DABB2CAC47F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b8:*:*:*:*:*:*",
"matchCriteriaId": "081FD127-1066-4019-B521-9FADB85DBD4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:i1:*:*:*:*:*:*",
"matchCriteriaId": "C1A4F005-4823-4B2B-B4EF-4EFDB04CFB9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "357240B1-F0DA-4FA8-B782-D998951F4B54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p10:*:*:*:*:*:*",
"matchCriteriaId": "2F828F54-04E2-4B98-91A7-B09ED833E88B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p11:*:*:*:*:*:*",
"matchCriteriaId": "A4B8B300-8264-40AB-A839-7EACB988163B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p12:*:*:*:*:*:*",
"matchCriteriaId": "EB76A8DF-C870-482F-A488-DB2917ABD971",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p13:*:*:*:*:*:*",
"matchCriteriaId": "04947B1B-CF67-4C11-8FE3-6C17FD35E2EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p14:*:*:*:*:*:*",
"matchCriteriaId": "591AEC3C-2F48-4E91-9881-42EEDD039C5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p15:*:*:*:*:*:*",
"matchCriteriaId": "C5CA04C8-2C80-4C7E-B329-3FFCBEDEE663",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p16:*:*:*:*:*:*",
"matchCriteriaId": "47A1C5AC-C8B7-495A-A5F4-CD4790358A2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p17:*:*:*:*:*:*",
"matchCriteriaId": "B87D8B46-5B04-460D-BBA1-BB19234DA19D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p18:*:*:*:*:*:*",
"matchCriteriaId": "C59EA30A-0B7D-4E58-A503-8C2F16B45004",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p19:*:*:*:*:*:*",
"matchCriteriaId": "F2849E4C-09D1-48A5-B28E-F7A4CD3E8967",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p2:*:*:*:*:*:*",
"matchCriteriaId": "F1E5549E-3272-478D-85D0-6F53EE731183",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p20:*:*:*:*:*:*",
"matchCriteriaId": "CD0EA35B-EBFF-4E6F-BD2E-4BE165E81A3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p21:*:*:*:*:*:*",
"matchCriteriaId": "3F2C76F2-D457-4C7C-BE76-515CA45CA161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p22:*:*:*:*:*:*",
"matchCriteriaId": "0E5A374E-56C5-4EBA-967C-CDFE6A967DFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p23:*:*:*:*:*:*",
"matchCriteriaId": "7D4568F0-8CCD-4517-B4E9-7E2CA228D659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p24:*:*:*:*:*:*",
"matchCriteriaId": "96893FF5-B85E-45AF-9020-5D767E954D6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p25:*:*:*:*:*:*",
"matchCriteriaId": "425ABB56-3A2E-40E3-9701-E638F16E6ADD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p26:*:*:*:*:*:*",
"matchCriteriaId": "9EEF6054-B3B5-4AAC-B24B-147A38564992",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p27:*:*:*:*:*:*",
"matchCriteriaId": "462C2826-237E-4061-8F14-3DE09CE9952C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p28:*:*:*:*:*:*",
"matchCriteriaId": "8DE8F008-1FC0-416C-B0D4-5A560CF985F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p29:*:*:*:*:*:*",
"matchCriteriaId": "53AA0AB2-E814-4378-9486-D9192293C1DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p3:*:*:*:*:*:*",
"matchCriteriaId": "D884D3AF-7D57-4DF6-82E8-556C35319ED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p30:*:*:*:*:*:*",
"matchCriteriaId": "2F6A123B-D6D3-4C46-9595-4D8138FC31C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p31:*:*:*:*:*:*",
"matchCriteriaId": "4245029F-D95D-4364-BB29-8C60F5461070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p32:*:*:*:*:*:*",
"matchCriteriaId": "C67473D2-A96B-4ACD-B248-A0AF2E3C9738",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p4:*:*:*:*:*:*",
"matchCriteriaId": "528BAFA3-ED39-45B5-8C81-A6FD76DDB49B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p5:*:*:*:*:*:*",
"matchCriteriaId": "02DA7C50-7360-4679-93A5-92C8DC5E8E46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p6:*:*:*:*:*:*",
"matchCriteriaId": "71B49D90-9522-46C6-8948-B9C21CEA473C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p7:*:*:*:*:*:*",
"matchCriteriaId": "98C29296-D1F3-45A2-BF0A-22333150F416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p8:*:*:*:*:*:*",
"matchCriteriaId": "339226E6-532F-4FE2-A543-6B166A9BA7F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p9:*:*:*:*:*:*",
"matchCriteriaId": "986FDFA6-BE12-4268-9B90-F7D469BBE517",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "1E6FCE7B-7ECE-42A4-82C5-12A647B0CCC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b2:*:*:*:*:*:*",
"matchCriteriaId": "923AA113-D5E7-4F78-88BA-B72EF250F3EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b3:*:*:*:*:*:*",
"matchCriteriaId": "B1984F57-A313-48AC-B8F9-F352D82824D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b4:*:*:*:*:*:*",
"matchCriteriaId": "A38DB527-72A6-40B8-B46F-B8E78BFFDB1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b5:*:*:*:*:*:*",
"matchCriteriaId": "67643E11-91A1-4580-BC4C-574074C862CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b6:*:*:*:*:*:*",
"matchCriteriaId": "350B7E0F-D234-4D7C-91E4-F35E73579A24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b7:*:*:*:*:*:*",
"matchCriteriaId": "DE58ACA9-8078-46A7-8487-C06E4E38F372",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b8:*:*:*:*:*:*",
"matchCriteriaId": "B3D8CF4D-E1F8-4D8D-A8A9-1783CAC869E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b9:*:*:*:*:*:*",
"matchCriteriaId": "58B0B051-7D3C-4EC7-96B0-38A1CC108D61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "B783A741-AAF2-43EE-8272-9239133A01E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p10:*:*:*:*:*:*",
"matchCriteriaId": "A5F275A3-A99E-40E1-BD77-694FA568541F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p11:*:*:*:*:*:*",
"matchCriteriaId": "3A44BF1A-5BE0-4412-B51D-055445758B61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p12:*:*:*:*:*:*",
"matchCriteriaId": "A31BAE94-9096-4320-AC19-AA204E8EC08D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p13:*:*:*:*:*:*",
"matchCriteriaId": "1B0784EA-98E8-4490-B97B-894F188A223D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p14:*:*:*:*:*:*",
"matchCriteriaId": "A56A901F-1040-4DB9-9BE3-FE1999C514CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p15:*:*:*:*:*:*",
"matchCriteriaId": "58A904FC-C015-469D-8502-E678D5FDBD06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p16:*:*:*:*:*:*",
"matchCriteriaId": "1B5D109C-60AA-4FA4-9B10-2191AAF109F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p17:*:*:*:*:*:*",
"matchCriteriaId": "37297866-24BB-4044-8744-EC0A8C29F152",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p18:*:*:*:*:*:*",
"matchCriteriaId": "F9D4A171-CCB3-43B8-8B70-78610423E7C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p19:*:*:*:*:*:*",
"matchCriteriaId": "5E1145FF-426D-407C-9F4B-EF773BD191EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p2:*:*:*:*:*:*",
"matchCriteriaId": "4DA8F776-A724-48FC-B7EF-13788BC69753",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p3:*:*:*:*:*:*",
"matchCriteriaId": "076463AA-195F-4CD6-861B-72FE1C8A407F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p4:*:*:*:*:*:*",
"matchCriteriaId": "63043834-98E5-47C2-91F1-41B98270ABCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p5:*:*:*:*:*:*",
"matchCriteriaId": "FCF745D0-2EA6-4414-90BC-99D3ED08BB01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p6:*:*:*:*:*:*",
"matchCriteriaId": "4823087F-D7FA-4594-8FD3-412DE5EA1F02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p7:*:*:*:*:*:*",
"matchCriteriaId": "6429F9CE-D477-4CFF-B6E0-4BF11B61ED0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p8:*:*:*:*:*:*",
"matchCriteriaId": "A50C58F9-94ED-4D85-8331-2D81F8E0760A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p9:*:*:*:*:*:*",
"matchCriteriaId": "9A6AC0BD-FB65-4FAA-B344-66F87F16F8B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E68DD82-AF90-4D24-B507-833541B762AC",
"versionEndExcluding": "2.0.0",
"versionStartIncluding": "1.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation of LDAP user IDs in Tribe29 Checkmk allows attackers that can control LDAP user IDs to manipulate files on the server. Checkmk \u003c= 2.1.0p19, Checkmk \u003c= 2.0.0p32, and all versions of Checkmk 1.6.0 (EOL) are affected."
},
{
"lang": "es",
"value": "La validaci\u00f3n de entrada incorrecta de las ID de usuario LDAP en Tribe29 Checkmk permite a los atacantes que pueden controlar las ID de usuario LDAP manipular archivos en el servidor. Esta vulnerabilidad afecta a las versiones Checkmk \u0026lt;= 2.1.0p19, Checkmk \u0026lt;= 2.0.0p32 y todas las versiones de Checkmk 1.6.0 (EOL)."
}
],
"id": "CVE-2023-0284",
"lastModified": "2024-11-21T07:36:53.613",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.2,
"source": "security@checkmk.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-01-26T21:18:07.030",
"references": [
{
"source": "security@checkmk.com",
"tags": [
"Vendor Advisory"
],
"url": "https://checkmk.com/werk/15181"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://checkmk.com/werk/15181"
}
],
"sourceIdentifier": "security@checkmk.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "security@checkmk.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-01-12 08:15
Modified
2024-11-21 08:44
Severity ?
8.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Privilege escalation in jar_signature agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@checkmk.com | https://checkmk.com/werk/16163 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://checkmk.com/werk/16163 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "54031390-D7E7-4A14-AA2F-923768B3685F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b2:*:*:*:*:*:*",
"matchCriteriaId": "F1B7E35F-5A07-424E-AA09-AC54104D612B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b3:*:*:*:*:*:*",
"matchCriteriaId": "8D4AC302-C8F5-4A2B-A73A-982D0AA2495A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b4:*:*:*:*:*:*",
"matchCriteriaId": "7A058C71-C39E-4109-B570-4A061013D033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b5:*:*:*:*:*:*",
"matchCriteriaId": "22BCFA79-B3D6-4FFF-A3D3-8C4C97AF17C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b6:*:*:*:*:*:*",
"matchCriteriaId": "2A1703D9-8EEB-432D-90E2-F847CDC4C204",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b7:*:*:*:*:*:*",
"matchCriteriaId": "1A4C72BA-6D78-4911-83E4-4DABB2CAC47F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b8:*:*:*:*:*:*",
"matchCriteriaId": "081FD127-1066-4019-B521-9FADB85DBD4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:i1:*:*:*:*:*:*",
"matchCriteriaId": "C1A4F005-4823-4B2B-B4EF-4EFDB04CFB9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "357240B1-F0DA-4FA8-B782-D998951F4B54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p10:*:*:*:*:*:*",
"matchCriteriaId": "2F828F54-04E2-4B98-91A7-B09ED833E88B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p11:*:*:*:*:*:*",
"matchCriteriaId": "A4B8B300-8264-40AB-A839-7EACB988163B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p12:*:*:*:*:*:*",
"matchCriteriaId": "EB76A8DF-C870-482F-A488-DB2917ABD971",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p13:*:*:*:*:*:*",
"matchCriteriaId": "04947B1B-CF67-4C11-8FE3-6C17FD35E2EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p14:*:*:*:*:*:*",
"matchCriteriaId": "591AEC3C-2F48-4E91-9881-42EEDD039C5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p15:*:*:*:*:*:*",
"matchCriteriaId": "C5CA04C8-2C80-4C7E-B329-3FFCBEDEE663",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p16:*:*:*:*:*:*",
"matchCriteriaId": "47A1C5AC-C8B7-495A-A5F4-CD4790358A2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p17:*:*:*:*:*:*",
"matchCriteriaId": "B87D8B46-5B04-460D-BBA1-BB19234DA19D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p18:*:*:*:*:*:*",
"matchCriteriaId": "C59EA30A-0B7D-4E58-A503-8C2F16B45004",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p19:*:*:*:*:*:*",
"matchCriteriaId": "F2849E4C-09D1-48A5-B28E-F7A4CD3E8967",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p2:*:*:*:*:*:*",
"matchCriteriaId": "F1E5549E-3272-478D-85D0-6F53EE731183",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p20:*:*:*:*:*:*",
"matchCriteriaId": "CD0EA35B-EBFF-4E6F-BD2E-4BE165E81A3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p21:*:*:*:*:*:*",
"matchCriteriaId": "3F2C76F2-D457-4C7C-BE76-515CA45CA161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p22:*:*:*:*:*:*",
"matchCriteriaId": "0E5A374E-56C5-4EBA-967C-CDFE6A967DFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p23:*:*:*:*:*:*",
"matchCriteriaId": "7D4568F0-8CCD-4517-B4E9-7E2CA228D659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p24:*:*:*:*:*:*",
"matchCriteriaId": "96893FF5-B85E-45AF-9020-5D767E954D6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p25:*:*:*:*:*:*",
"matchCriteriaId": "425ABB56-3A2E-40E3-9701-E638F16E6ADD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p26:*:*:*:*:*:*",
"matchCriteriaId": "9EEF6054-B3B5-4AAC-B24B-147A38564992",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p27:*:*:*:*:*:*",
"matchCriteriaId": "462C2826-237E-4061-8F14-3DE09CE9952C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p28:*:*:*:*:*:*",
"matchCriteriaId": "8DE8F008-1FC0-416C-B0D4-5A560CF985F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p29:*:*:*:*:*:*",
"matchCriteriaId": "53AA0AB2-E814-4378-9486-D9192293C1DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p3:*:*:*:*:*:*",
"matchCriteriaId": "D884D3AF-7D57-4DF6-82E8-556C35319ED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p30:*:*:*:*:*:*",
"matchCriteriaId": "2F6A123B-D6D3-4C46-9595-4D8138FC31C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p31:*:*:*:*:*:*",
"matchCriteriaId": "4245029F-D95D-4364-BB29-8C60F5461070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p32:*:*:*:*:*:*",
"matchCriteriaId": "C67473D2-A96B-4ACD-B248-A0AF2E3C9738",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p33:*:*:*:*:*:*",
"matchCriteriaId": "B22FDFE4-844F-449B-88D7-E7EDC92EC752",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p34:*:*:*:*:*:*",
"matchCriteriaId": "01D13D8E-61F2-406C-8EE5-FDDD9BDCCF71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p35:*:*:*:*:*:*",
"matchCriteriaId": "CA0DCBEB-CAED-4A39-B700-64311E7742DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p36:*:*:*:*:*:*",
"matchCriteriaId": "0D8C138E-C8C2-46F7-A1D6-D33562FB86BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p37:*:*:*:*:*:*",
"matchCriteriaId": "D4BE7A6A-C3BB-405A-8757-E60E2F611ACD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p38:*:*:*:*:*:*",
"matchCriteriaId": "1D7BC614-16F2-4F7D-9824-C5DDE540072B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p4:*:*:*:*:*:*",
"matchCriteriaId": "528BAFA3-ED39-45B5-8C81-A6FD76DDB49B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p5:*:*:*:*:*:*",
"matchCriteriaId": "02DA7C50-7360-4679-93A5-92C8DC5E8E46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p6:*:*:*:*:*:*",
"matchCriteriaId": "71B49D90-9522-46C6-8948-B9C21CEA473C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p7:*:*:*:*:*:*",
"matchCriteriaId": "98C29296-D1F3-45A2-BF0A-22333150F416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p8:*:*:*:*:*:*",
"matchCriteriaId": "339226E6-532F-4FE2-A543-6B166A9BA7F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p9:*:*:*:*:*:*",
"matchCriteriaId": "986FDFA6-BE12-4268-9B90-F7D469BBE517",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "1AE224D8-742B-4D1F-ABBE-3DDA3EA5C5AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "1E6FCE7B-7ECE-42A4-82C5-12A647B0CCC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b2:*:*:*:*:*:*",
"matchCriteriaId": "923AA113-D5E7-4F78-88BA-B72EF250F3EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b3:*:*:*:*:*:*",
"matchCriteriaId": "B1984F57-A313-48AC-B8F9-F352D82824D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b4:*:*:*:*:*:*",
"matchCriteriaId": "A38DB527-72A6-40B8-B46F-B8E78BFFDB1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b5:*:*:*:*:*:*",
"matchCriteriaId": "67643E11-91A1-4580-BC4C-574074C862CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b6:*:*:*:*:*:*",
"matchCriteriaId": "350B7E0F-D234-4D7C-91E4-F35E73579A24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b7:*:*:*:*:*:*",
"matchCriteriaId": "DE58ACA9-8078-46A7-8487-C06E4E38F372",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b8:*:*:*:*:*:*",
"matchCriteriaId": "B3D8CF4D-E1F8-4D8D-A8A9-1783CAC869E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b9:*:*:*:*:*:*",
"matchCriteriaId": "58B0B051-7D3C-4EC7-96B0-38A1CC108D61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "B783A741-AAF2-43EE-8272-9239133A01E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p10:*:*:*:*:*:*",
"matchCriteriaId": "A5F275A3-A99E-40E1-BD77-694FA568541F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p11:*:*:*:*:*:*",
"matchCriteriaId": "3A44BF1A-5BE0-4412-B51D-055445758B61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p12:*:*:*:*:*:*",
"matchCriteriaId": "A31BAE94-9096-4320-AC19-AA204E8EC08D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p13:*:*:*:*:*:*",
"matchCriteriaId": "1B0784EA-98E8-4490-B97B-894F188A223D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p14:*:*:*:*:*:*",
"matchCriteriaId": "A56A901F-1040-4DB9-9BE3-FE1999C514CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p15:*:*:*:*:*:*",
"matchCriteriaId": "58A904FC-C015-469D-8502-E678D5FDBD06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p16:*:*:*:*:*:*",
"matchCriteriaId": "1B5D109C-60AA-4FA4-9B10-2191AAF109F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p17:*:*:*:*:*:*",
"matchCriteriaId": "37297866-24BB-4044-8744-EC0A8C29F152",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p18:*:*:*:*:*:*",
"matchCriteriaId": "F9D4A171-CCB3-43B8-8B70-78610423E7C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p19:*:*:*:*:*:*",
"matchCriteriaId": "5E1145FF-426D-407C-9F4B-EF773BD191EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p2:*:*:*:*:*:*",
"matchCriteriaId": "4DA8F776-A724-48FC-B7EF-13788BC69753",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p20:*:*:*:*:*:*",
"matchCriteriaId": "46F42A22-99F2-4DF5-9B00-3123396F87AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p21:*:*:*:*:*:*",
"matchCriteriaId": "1C59D4D3-D526-4E6B-B3AA-FE485D030190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p22:*:*:*:*:*:*",
"matchCriteriaId": "65E5CAE6-DC8B-47B3-84A0-D79B0C33EB45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p23:*:*:*:*:*:*",
"matchCriteriaId": "8B9E0D89-79E2-476A-8A3E-8443316BC310",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p24:*:*:*:*:*:*",
"matchCriteriaId": "38EA0591-C30B-4102-8A06-1B922FD3A0C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p25:*:*:*:*:*:*",
"matchCriteriaId": "5E9AF0D3-8DD6-4EC7-BB33-54401D4025FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p26:*:*:*:*:*:*",
"matchCriteriaId": "983604CC-DD2C-42A9-8B9D-A9A261CE8BA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p27:*:*:*:*:*:*",
"matchCriteriaId": "224960F7-695C-415B-B991-E8C01859AA80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p28:*:*:*:*:*:*",
"matchCriteriaId": "1F6D86E4-738B-4ADA-858E-C12CCED9FAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p29:*:*:*:*:*:*",
"matchCriteriaId": "BD8EBF09-9B70-4972-85B1-82F41488BE3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p3:*:*:*:*:*:*",
"matchCriteriaId": "076463AA-195F-4CD6-861B-72FE1C8A407F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p30:*:*:*:*:*:*",
"matchCriteriaId": "009D2C7B-39B8-400F-80A5-06D56319232C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p31:*:*:*:*:*:*",
"matchCriteriaId": "3D5AEB8D-772E-401F-975C-61BDD30B481E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p32:*:*:*:*:*:*",
"matchCriteriaId": "2ECAB6C5-518C-4CA4-8B2B-D51115612A8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p33:*:*:*:*:*:*",
"matchCriteriaId": "FECC252C-02AA-41EC-BB84-5C1A6BC0FB8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p34:*:*:*:*:*:*",
"matchCriteriaId": "238324F5-7225-40DD-82E8-52F30F0D3776",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p35:*:*:*:*:*:*",
"matchCriteriaId": "4F3C9510-BD43-4F67-9C30-4F82B5D230E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p36:*:*:*:*:*:*",
"matchCriteriaId": "51941654-F6FF-4323-AECA-5D1D84308CD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p37:*:*:*:*:*:*",
"matchCriteriaId": "6E800133-1D28-41D1-8D73-9437D741F83B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p4:*:*:*:*:*:*",
"matchCriteriaId": "63043834-98E5-47C2-91F1-41B98270ABCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p5:*:*:*:*:*:*",
"matchCriteriaId": "FCF745D0-2EA6-4414-90BC-99D3ED08BB01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p6:*:*:*:*:*:*",
"matchCriteriaId": "4823087F-D7FA-4594-8FD3-412DE5EA1F02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p7:*:*:*:*:*:*",
"matchCriteriaId": "6429F9CE-D477-4CFF-B6E0-4BF11B61ED0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p8:*:*:*:*:*:*",
"matchCriteriaId": "A50C58F9-94ED-4D85-8331-2D81F8E0760A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p9:*:*:*:*:*:*",
"matchCriteriaId": "9A6AC0BD-FB65-4FAA-B344-66F87F16F8B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:-:*:*:*:*:*:*",
"matchCriteriaId": "C66704F1-0B5E-4B43-8748-987022F378F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "B068974F-6F67-4CBB-B567-FCED86E28F22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b2:*:*:*:*:*:*",
"matchCriteriaId": "EA70F36A-EEF6-48DC-B15E-055D0DE8A052",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b3:*:*:*:*:*:*",
"matchCriteriaId": "B2017F38-38DB-4E96-B34F-160BC731CBBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b4:*:*:*:*:*:*",
"matchCriteriaId": "0949F399-371B-409C-AF9F-32690D881440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b5:*:*:*:*:*:*",
"matchCriteriaId": "42E1E31A-B5CC-45F2-A2E5-3EEF735499BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b6:*:*:*:*:*:*",
"matchCriteriaId": "4B364FCA-500C-458E-B997-82CD0B1D24F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b7:*:*:*:*:*:*",
"matchCriteriaId": "0B32E657-917B-482B-B6A4-3D3746992A4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b8:*:*:*:*:*:*",
"matchCriteriaId": "2119C732-E024-4DA6-8E47-9E08E5E12602",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:i1:*:*:*:*:*:*",
"matchCriteriaId": "4F0B99A8-A124-43BD-B8AA-EECC9112346F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "3FB7221E-BE9F-4529-8E07-8AD547FA3208",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p10:*:*:*:*:*:*",
"matchCriteriaId": "30A074AD-9499-46E3-AB67-D6CEE3AA01C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p11:*:*:*:*:*:*",
"matchCriteriaId": "A8BD0240-A22B-4273-BD47-C35A8C12E127",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p12:*:*:*:*:*:*",
"matchCriteriaId": "DAA5680F-1DD0-48AA-BB7F-15B27365F0FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p13:*:*:*:*:*:*",
"matchCriteriaId": "BC2F31CA-D4EB-44E6-9A09-5255D33F4A88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p14:*:*:*:*:*:*",
"matchCriteriaId": "CD80BD69-20C6-4E17-B165-98689179A5A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p15:*:*:*:*:*:*",
"matchCriteriaId": "B044D43B-0233-4A0D-A356-B9F9324E2777",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p16:*:*:*:*:*:*",
"matchCriteriaId": "7DE79896-EBE5-42F2-A126-2A871BBA1071",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p17:*:*:*:*:*:*",
"matchCriteriaId": "51A44E69-EEA1-4B01-B7B3-5BF7B39819E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p2:*:*:*:*:*:*",
"matchCriteriaId": "7BCEB6FF-668F-4313-9264-0BF021AFC45F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p3:*:*:*:*:*:*",
"matchCriteriaId": "E2342E2D-58B0-43E7-8C01-DF4678520F39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p4:*:*:*:*:*:*",
"matchCriteriaId": "1871B646-CA69-477F-B113-B901AC7B3934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p5:*:*:*:*:*:*",
"matchCriteriaId": "EEC65A72-CAE1-4E28-83EF-7ECAFE921BB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8AF09C00-1AEF-4502-8C7B-3B68F2C35D34",
"versionEndIncluding": "2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Privilege escalation in jar_signature agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges"
},
{
"lang": "es",
"value": "La escalada de privilegios en el complemento del agente jar_signature en Checkmk anterior a 2.2.0p17, 2.1.0p37 y 2.0.0p39 permite al usuario local escalar privilegios"
}
],
"id": "CVE-2023-6740",
"lastModified": "2024-11-21T08:44:27.517",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0,
"source": "security@checkmk.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-01-12T08:15:43.920",
"references": [
{
"source": "security@checkmk.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://checkmk.com/werk/16163"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://checkmk.com/werk/16163"
}
],
"sourceIdentifier": "security@checkmk.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "security@checkmk.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}