PT-2023-15694 · Checkmk · Checkmk
Published 2023-02-20 · Updated 2024-07-23 · CVE-2022-48317
CVSS v3.1
9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Checkmk versions 2.0.0p1 through 2.0.0p28
Checkmk versions 2.1.0p1 through 2.1.0p10
Description
The issue arises from the insecure termination of expired sessions in the REST API, which allows an attacker to keep using expired session tokens for communication.
Recommendations
For Checkmk versions 2.0.0p1 through 2.0.0p28, update to a version later than 2.0.0p28 to resolve the issue.
For Checkmk versions 2.1.0p1 through 2.1.0p10, update to a version later than 2.1.0p10 to resolve the issue.
Fix
Insufficient Session Expiration
Weakness Enumeration
Related Identifiers
Affected Products
Checkmk