gsd-2022-46836
Vulnerability from gsd
Modified
2023-12-13 01:19
Details
PHP code injection in watolib auth.php and hosttags.php in Tribe29's Checkmk <= 2.1.0p10, Checkmk <= 2.0.0p27, and Checkmk <= 1.6.0p29 allows an attacker to inject and execute PHP code which will be executed upon request of the vulnerable component.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-46836",
"id": "GSD-2022-46836"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-46836"
],
"details": "PHP code injection in watolib auth.php and hosttags.php in Tribe29\u0027s Checkmk \u003c= 2.1.0p10, Checkmk \u003c= 2.0.0p27, and Checkmk \u003c= 1.6.0p29 allows an attacker to inject and execute PHP code which will be executed upon request of the vulnerable component.",
"id": "GSD-2022-46836",
"modified": "2023-12-13T01:19:38.196486Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@checkmk.com",
"ID": "CVE-2022-46836",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Checkmk",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2.0.0",
"version_value": "2.0.0p27"
},
{
"version_affected": "\u003c=",
"version_name": "2.1.0",
"version_value": "2.1.0p10"
},
{
"version_affected": "\u003c=",
"version_name": "1.6.0",
"version_value": "1.6.0p29"
}
]
}
}
]
},
"vendor_name": "Tribe29"
}
]
}
},
"credits": [
{
"lang": "en",
"value": "Stefan Schiller (SonarSource)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP code injection in watolib auth.php and hosttags.php in Tribe29\u0027s Checkmk \u003c= 2.1.0p10, Checkmk \u003c= 2.0.0p27, and Checkmk \u003c= 1.6.0p29 allows an attacker to inject and execute PHP code which will be executed upon request of the vulnerable component."
}
]
},
"impact": {
"cvss": [
{
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-20",
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://checkmk.com/werk/14383",
"refsource": "MISC",
"url": "https://checkmk.com/werk/14383"
},
{
"name": "https://www.sonarsource.com/blog/checkmk-rce-chain-3/",
"refsource": "MISC",
"url": "https://www.sonarsource.com/blog/checkmk-rce-chain-3/"
}
]
}
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "BC0AC5A2-3724-4942-ABE2-CA9F3B9B4BDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "E3AAC1AD-C2F5-4171-BD92-95A8BA09E79A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b2:*:*:*:*:*:*",
"matchCriteriaId": "8CB8C4BB-4AE6-4EA2-8F38-780B627721ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b3:*:*:*:*:*:*",
"matchCriteriaId": "D0F14106-2A3D-4FC7-A0C7-6EDA75D1A8F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b4:*:*:*:*:*:*",
"matchCriteriaId": "F8C2DA36-8419-4846-BFA0-A729BE7D72C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b5:*:*:*:*:*:*",
"matchCriteriaId": "8AA4FA3D-7A59-4597-9D79-B6B020D86BD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b6:*:*:*:*:*:*",
"matchCriteriaId": "79F0CF88-FF11-4741-AFF6-9F88F57C2140",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b7:*:*:*:*:*:*",
"matchCriteriaId": "8E93629E-C0CB-4636-B343-1C0646D8228E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b8:*:*:*:*:*:*",
"matchCriteriaId": "58102464-E66F-49CD-8952-3F3F9A6A45CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b9:*:*:*:*:*:*",
"matchCriteriaId": "9C98E509-8466-4F95-ABE7-7ECC91640E04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "A7B89F71-ABD2-4B2D-AE6B-C0F243E89443",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p10:*:*:*:*:*:*",
"matchCriteriaId": "002EF417-C702-42E2-9C8F-C9593B43AB03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p2:*:*:*:*:*:*",
"matchCriteriaId": "960DF373-EDE6-4318-B6E9-07573ED5907A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p3:*:*:*:*:*:*",
"matchCriteriaId": "3144AABF-74CB-44EE-A618-8529A8ACFCF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p4:*:*:*:*:*:*",
"matchCriteriaId": "88AC7AB0-40DF-44D1-83EA-FDD4D5346BBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p5:*:*:*:*:*:*",
"matchCriteriaId": "4285A4A3-3DED-456D-93D4-1B9FDB42C1EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p6:*:*:*:*:*:*",
"matchCriteriaId": "098FD286-B6CB-4428-9A62-A5F24B4D9E92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p7:*:*:*:*:*:*",
"matchCriteriaId": "8400088B-E56E-4D0B-86D5-76D884C8031A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p8:*:*:*:*:*:*",
"matchCriteriaId": "29554684-FEFF-42B2-B62E-6523782F537C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p9:*:*:*:*:*:*",
"matchCriteriaId": "91AE66E4-AE6B-4F25-9312-6418FC3E221F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "E5138E25-A5AF-495D-A713-B8BDACC133D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "7AE78B5E-2D00-462B-AC0E-5E68BC36ED1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:b2:*:*:*:*:*:*",
"matchCriteriaId": "9D69AA9A-C6FF-4A9F-8B02-2F207C4150FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:b3:*:*:*:*:*:*",
"matchCriteriaId": "452F359B-BCB5-46E0-A77A-383C3C2E2D60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:b4:*:*:*:*:*:*",
"matchCriteriaId": "D9A66C28-A2BA-4091-AB4C-05CDB1D3777F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:b5:*:*:*:*:*:*",
"matchCriteriaId": "463A4A68-810B-4C20-A696-4F94DB20224B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:b6:*:*:*:*:*:*",
"matchCriteriaId": "F4459581-214F-423B-A29D-31C789FD7F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:b7:*:*:*:*:*:*",
"matchCriteriaId": "CC0CFABC-A53C-4FD3-A57A-CB72C87A034B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:b8:*:*:*:*:*:*",
"matchCriteriaId": "F96B08FA-8129-4880-86FE-47B08C2B6964",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:i1:*:*:*:*:*:*",
"matchCriteriaId": "CAEB960C-5A5E-4F7C-8588-3F6737AE5DCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "3CB134CD-0746-47C8-BAB8-2AE9C083C4D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p10:*:*:*:*:*:*",
"matchCriteriaId": "E4B5DDAA-F7B5-4BFD-836E-F7DA0FC7B0C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p11:*:*:*:*:*:*",
"matchCriteriaId": "A4DA5440-F376-4952-ABCB-AC557C5944A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p12:*:*:*:*:*:*",
"matchCriteriaId": "DB7DB93B-CDD2-4662-893B-6E36F9EDA7FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p13:*:*:*:*:*:*",
"matchCriteriaId": "81DFD64A-FEFD-4EBA-B6EC-28D3F0EEC33B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p14:*:*:*:*:*:*",
"matchCriteriaId": "918ACC6A-2EE8-401F-B18A-94B8757B202E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p15:*:*:*:*:*:*",
"matchCriteriaId": "1B6AE143-5A29-4EE8-AF7D-5D495A2248D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p16:*:*:*:*:*:*",
"matchCriteriaId": "9B678D96-5987-4423-A713-57812B896380",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p17:*:*:*:*:*:*",
"matchCriteriaId": "A16EA6BD-003D-416E-B6C7-EBE5AA4AC2B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p18:*:*:*:*:*:*",
"matchCriteriaId": "7A016627-9BF2-4D25-AB97-172EAEC4C187",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p19:*:*:*:*:*:*",
"matchCriteriaId": "333FBE01-E5C1-4668-B50F-B64A34E799A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p2:*:*:*:*:*:*",
"matchCriteriaId": "FE7C4821-74F2-442C-B51F-A52788FC61F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p20:*:*:*:*:*:*",
"matchCriteriaId": "168E2F68-E3EA-407F-8DCE-BDB1F557FFFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p21:*:*:*:*:*:*",
"matchCriteriaId": "D7A74CB5-CC6E-4166-B884-498F2CF1A33E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p22:*:*:*:*:*:*",
"matchCriteriaId": "42DCB139-5BBE-45F3-80F5-3A43D95A58BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p23:*:*:*:*:*:*",
"matchCriteriaId": "1A3E3E6C-DCC0-466D-A505-5F80379CF0AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p24:*:*:*:*:*:*",
"matchCriteriaId": "1542CDC8-9697-44DE-8F6A-3EB25D07EEE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p25:*:*:*:*:*:*",
"matchCriteriaId": "1A5B33FF-EA21-4AEB-8D9A-21DA9DB5892A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p26:*:*:*:*:*:*",
"matchCriteriaId": "78616E5A-E1FF-40AA-8E13-0B2E84CE6F8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p27:*:*:*:*:*:*",
"matchCriteriaId": "5D956394-C3F3-4C88-A791-364AE555D522",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p3:*:*:*:*:*:*",
"matchCriteriaId": "1982ED3B-A0FA-476A-BFB2-5B7B53289496",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p4:*:*:*:*:*:*",
"matchCriteriaId": "AA60BF44-AF52-458A-BD3F-9FD5D8408575",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p5:*:*:*:*:*:*",
"matchCriteriaId": "9BFE55DC-89EA-404F-8DDF-93E351366789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p6:*:*:*:*:*:*",
"matchCriteriaId": "C62D8997-DD3B-4B83-B6A5-DFC2408A9164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p7:*:*:*:*:*:*",
"matchCriteriaId": "80B4A77F-F636-49BB-8CB6-60064984463F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p8:*:*:*:*:*:*",
"matchCriteriaId": "356E5744-AB8E-4FBA-992F-74ED8F9086CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p9:*:*:*:*:*:*",
"matchCriteriaId": "41FB6FFA-F38F-4754-A1E6-35073D84069E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:-:*:*:*:*:*:*",
"matchCriteriaId": "E15C521C-CD7F-434A-9F43-6ED5C7645DA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "172724CA-44E1-4768-8BAF-611AE72C8510",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:b10:*:*:*:*:*:*",
"matchCriteriaId": "EE1C7D4B-55E2-4A0B-96AD-4D1645141B43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:b11:*:*:*:*:*:*",
"matchCriteriaId": "BD1E3D74-1902-4958-8919-2077A41DC9C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:b12:*:*:*:*:*:*",
"matchCriteriaId": "7B691D90-C811-43A1-8062-71F2BF0EF5E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:b2:*:*:*:*:*:*",
"matchCriteriaId": "AECA9A0D-0552-4DC2-97D4-F54B2C342177",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:b3:*:*:*:*:*:*",
"matchCriteriaId": "99D39BA7-C78A-4667-95F1-55ACB9FD584F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:b4:*:*:*:*:*:*",
"matchCriteriaId": "5B467203-3B24-4CAE-BEB4-88FEFA2223EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:b5:*:*:*:*:*:*",
"matchCriteriaId": "FDEC890E-D96A-490D-988D-B06C6CD86A05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:b6:*:*:*:*:*:*",
"matchCriteriaId": "D337C851-FEE8-44EE-A4A2-B3D5BE488C92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:b7:*:*:*:*:*:*",
"matchCriteriaId": "C38DF519-C97C-4D80-A686-72002CDD9406",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:b8:*:*:*:*:*:*",
"matchCriteriaId": "D812CCC1-053C-4998-9335-2FB6E4A8BED8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:b9:*:*:*:*:*:*",
"matchCriteriaId": "DB52C0F4-B206-4F20-BDB7-3FF2E60185D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "D80533C1-AA9F-481B-A4A4-26AA0695C666",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p10:*:*:*:*:*:*",
"matchCriteriaId": "FA0AD652-2417-4C33-8299-0411FA002BAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p11:*:*:*:*:*:*",
"matchCriteriaId": "29F70025-92A2-4618-A8DD-05098F45625F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p12:*:*:*:*:*:*",
"matchCriteriaId": "9CAAB02A-CB2D-42F9-9720-520822F88402",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p13:*:*:*:*:*:*",
"matchCriteriaId": "46C5993C-BEE1-4C9B-BCDB-09A36DA2485E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p14:*:*:*:*:*:*",
"matchCriteriaId": "53E01ABC-75DA-4323-9E8C-F97321974583",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p15:*:*:*:*:*:*",
"matchCriteriaId": "77427E05-C4A1-4C28-84B8-947E26CF7EA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p16:*:*:*:*:*:*",
"matchCriteriaId": "6036F586-CA74-40DE-B76F-C76357A1E833",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p17:*:*:*:*:*:*",
"matchCriteriaId": "8F9B59E4-0468-495E-96C8-F765AFED2D67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p18:*:*:*:*:*:*",
"matchCriteriaId": "4BD62952-9A86-4FEF-B8FC-3A2F468BFF95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p19:*:*:*:*:*:*",
"matchCriteriaId": "84B6760F-4EB5-47C2-BDB1-9D654826B01D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p2:*:*:*:*:*:*",
"matchCriteriaId": "104EB827-02D7-4AB9-897D-16210E8934D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p20:*:*:*:*:*:*",
"matchCriteriaId": "232E5841-8303-410C-9191-F9603B808AB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p21:*:*:*:*:*:*",
"matchCriteriaId": "B9276429-8D0B-4647-AFBE-9A0B158666D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p22:*:*:*:*:*:*",
"matchCriteriaId": "86E4613C-C843-473F-B7BE-E5759D8D35B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p23:*:*:*:*:*:*",
"matchCriteriaId": "0FBD73A9-AF27-402E-9B42-B9DF1567CF43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p24:*:*:*:*:*:*",
"matchCriteriaId": "9EEBA5A8-5330-47A8-9D3E-08A7E22F70C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p25:*:*:*:*:*:*",
"matchCriteriaId": "3A5E5E38-94BA-4708-80A4-25CF71074E82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p26:*:*:*:*:*:*",
"matchCriteriaId": "28FA4030-59CF-43CB-A9B7-E2304E2315DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p27:*:*:*:*:*:*",
"matchCriteriaId": "1E00E39E-522C-4FDD-B4D7-0444FFC120ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p28:*:*:*:*:*:*",
"matchCriteriaId": "437611CD-D465-4A9D-91A8-E52EA99AEF2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p29:*:*:*:*:*:*",
"matchCriteriaId": "D618A417-5DE0-43DA-BD5B-CB41BE70CAA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p3:*:*:*:*:*:*",
"matchCriteriaId": "5703ADA0-75EF-49B5-A826-5E657B71D64F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p4:*:*:*:*:*:*",
"matchCriteriaId": "2195D39D-5BA2-44F5-8DFB-80A60DBFC866",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p5:*:*:*:*:*:*",
"matchCriteriaId": "19D8AD44-8893-4F2B-9626-D16C03A39FB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p6:*:*:*:*:*:*",
"matchCriteriaId": "E5F07AAF-8E7D-4F9D-82C9-D75B5C3397B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p7:*:*:*:*:*:*",
"matchCriteriaId": "5A90CBA3-4548-4C23-A368-04A385956720",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p8:*:*:*:*:*:*",
"matchCriteriaId": "F42920C1-B772-4AA3-A944-6B7636BF5FD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p9:*:*:*:*:*:*",
"matchCriteriaId": "B7DFA157-07AD-4A07-8E2F-7D803CD1F267",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PHP code injection in watolib auth.php and hosttags.php in Tribe29\u0027s Checkmk \u003c= 2.1.0p10, Checkmk \u003c= 2.0.0p27, and Checkmk \u003c= 1.6.0p29 allows an attacker to inject and execute PHP code which will be executed upon request of the vulnerable component."
}
],
"id": "CVE-2022-46836",
"lastModified": "2023-12-21T01:29:29.753",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 5.3,
"source": "security@checkmk.com",
"type": "Secondary"
}
]
},
"published": "2023-02-20T17:15:12.153",
"references": [
{
"source": "security@checkmk.com",
"tags": [
"Vendor Advisory"
],
"url": "https://checkmk.com/werk/14383"
},
{
"source": "security@checkmk.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.sonarsource.com/blog/checkmk-rce-chain-3/"
}
],
"sourceIdentifier": "security@checkmk.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "security@checkmk.com",
"type": "Secondary"
}
]
}
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…