CVE-2014-2330

Name of the Vulnerable Software and Affected Versions Check MK versions prior to 1.2.5i2

Description The issue affects the Multisite GUI in Check MK, where multiple cross-site request forgery (CSRF) vulnerabilities exist. These vulnerabilities allow remote attackers to hijack the authentication of users for requests, including uploading arbitrary snapshots and deleting arbitrary files. The impact of these vulnerabilities could be further reaching, although the specifics are not detailed.

Recommendations For versions prior to 1.2.5i2, update to version 1.2.5i2 or later to resolve the issue. As a temporary workaround, consider restricting access to the Multisite GUI to minimize the risk of exploitation.