PT-2015-3706 · Mathias Kettner · Checkmk
Published
2015-08-31
·
Updated
2015-09-01
·
CVE-2014-2331
CVSS v2.0
8.5
High
| Vector | AV:N/AC:M/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Check MK versions 1.2.2p2 through 1.2.3i5
Description
The issue allows remote authenticated users to execute arbitrary Python code via a crafted rules.mk file in a snapshot. This can be exploited by remote attackers.
Recommendations
For versions 1.2.2p2, 1.2.2p3, and 1.2.3i5, consider restricting access to the rules.mk file in snapshots to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Checkmk