PT-2017-13776 · Mathias Kettner+1 · Checkmk+1

Julien Ahrens · Published 2017-10-01 · Updated 2024-07-23 · CVE-2017-14955

CVSS v3.1: 5.9 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Check MK versions prior to 1.2.8p26

Description

The issue arises from a race condition in the failed-login save feature, allowing remote attackers to obtain sensitive user information by reading a GUI crash report. This occurs due to the mishandling of certain errors within the feature.

Recommendations

For versions prior to 1.2.8p26, update to version 1.2.8p26 or later to resolve the issue. As a temporary workaround, consider restricting access to GUI crash reports to minimize the risk of exploitation.

Exploit

Fix

Race Condition

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2017-14955
USN-5527-1
USN-5527-2

Affected Products

Checkmk
Ubuntu