PT-2023-14899 · Checkmk+1 · Checkmk+1

Jan-Philipp Litza · Published 2023-04-20 · Updated 2024-07-23 · CVE-2022-46302

CVSS v3.1: 8.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Checkmk versions 1.6.0 through 2.1.0p6
Checkmk version 2.0.0p27

Description

The issue allows site users to directly interact with the system Apache installation when providing reverse proxy configurations, enabling an attacker to perform remote code execution with root privileges on the underlying host.

Recommendations

For Checkmk versions 1.6.0 through 2.1.0p6, update to a version later than 2.1.0p6 to resolve the issue. For Checkmk version 2.0.0p27, update to a version later than 2.0.0p27 to resolve the issue. As a temporary workaround, consider restricting access to the Apache installation to minimize the risk of exploitation.

Related Identifiers

CVE-2022-46302

Affected Products

Apache
Checkmk