PT-2017-13776 · Mathias Kettner+1 · Checkmk+1

Julien Ahrens · Published 2017-10-01 · Updated 2024-07-23 · CVE-2017-14955

CVSS v3.1: 5.9 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Check MK versions prior to 1.2.8p26

Description

The issue arises from a race condition in the failed-login save feature, allowing remote attackers to obtain sensitive user information by reading a GUI crash report. This occurs due to the mishandling of certain errors within the feature.

Recommendations

For versions prior to 1.2.8p26, update to version 1.2.8p26 or later to resolve the issue. As a temporary workaround, consider restricting access to GUI crash reports to minimize the risk of exploitation.

Exploit

Fix

Race Condition

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2017-14955
USN-5527-1
USN-5527-2

Affected Products

Checkmk
Ubuntu