fkie_nvd - fkie_cve-2023-22359

fkie_cve-2023-22359

Vulnerability from fkie_nvd

Published

2023-06-26 07:15

Modified

2024-11-21 07:44

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Summary

User enumeration in Checkmk <=2.2.0p4 allows an authenticated attacker to enumerate usernames.

References

▶	URL	Tags
	security@checkmk.com	https://checkmk.com/werk/15890	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://checkmk.com/werk/15890	Vendor Advisory

Impacted products

Vendor	Product	Version
checkmk	checkmk	2.2.0
checkmk	checkmk	2.2.0
checkmk	checkmk	2.2.0
checkmk	checkmk	2.2.0
checkmk	checkmk	2.2.0
checkmk	checkmk	2.2.0
checkmk	checkmk	2.2.0
checkmk	checkmk	2.2.0
checkmk	checkmk	2.2.0
checkmk	checkmk	2.2.0
checkmk	checkmk	2.2.0
checkmk	checkmk	2.2.0
checkmk	checkmk	2.2.0
checkmk	checkmk	2.2.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "C66704F1-0B5E-4B43-8748-987022F378F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b1:*:*:*:*:*:*",
              "matchCriteriaId": "B068974F-6F67-4CBB-B567-FCED86E28F22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b2:*:*:*:*:*:*",
              "matchCriteriaId": "EA70F36A-EEF6-48DC-B15E-055D0DE8A052",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b3:*:*:*:*:*:*",
              "matchCriteriaId": "B2017F38-38DB-4E96-B34F-160BC731CBBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b4:*:*:*:*:*:*",
              "matchCriteriaId": "0949F399-371B-409C-AF9F-32690D881440",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b5:*:*:*:*:*:*",
              "matchCriteriaId": "42E1E31A-B5CC-45F2-A2E5-3EEF735499BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b6:*:*:*:*:*:*",
              "matchCriteriaId": "4B364FCA-500C-458E-B997-82CD0B1D24F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b7:*:*:*:*:*:*",
              "matchCriteriaId": "0B32E657-917B-482B-B6A4-3D3746992A4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b8:*:*:*:*:*:*",
              "matchCriteriaId": "2119C732-E024-4DA6-8E47-9E08E5E12602",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:i1:*:*:*:*:*:*",
              "matchCriteriaId": "4F0B99A8-A124-43BD-B8AA-EECC9112346F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p1:*:*:*:*:*:*",
              "matchCriteriaId": "3FB7221E-BE9F-4529-8E07-8AD547FA3208",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p2:*:*:*:*:*:*",
              "matchCriteriaId": "7BCEB6FF-668F-4313-9264-0BF021AFC45F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p3:*:*:*:*:*:*",
              "matchCriteriaId": "E2342E2D-58B0-43E7-8C01-DF4678520F39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p4:*:*:*:*:*:*",
              "matchCriteriaId": "1871B646-CA69-477F-B113-B901AC7B3934",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "User enumeration in Checkmk \u003c=2.2.0p4 allows an authenticated attacker to enumerate usernames."
    }
  ],
  "id": "CVE-2023-22359",
  "lastModified": "2024-11-21T07:44:37.807",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "security@checkmk.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-06-26T07:15:09.297",
  "references": [
    {
      "source": "security@checkmk.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://checkmk.com/werk/15890"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://checkmk.com/werk/15890"
    }
  ],
  "sourceIdentifier": "security@checkmk.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-203"
        }
      ],
      "source": "security@checkmk.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2023-22359 (GCVE-0-2023-22359)

Vulnerability from cvelistv5

Published

2023-06-26 06:51

Modified

2024-08-28 20:25

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-203 - Observable Discrepancy

Summary

User enumeration in Checkmk <=2.2.0p4 allows an authenticated attacker to enumerate usernames.

References

►

URL

Tags

https://checkmk.com/werk/15890