PT-2023-15897 · Checkmk · Checkmk
Niko Wenselowski
·
Published
2023-01-09
·
Updated
2024-07-23
·
CVE-2022-4884
CVSS v3.1
4.9
Medium
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Checkmk versions 2.0.0 through 2.0.0p32
Checkmk versions 2.1.0 through 2.1.0p18
Description
The issue allows an administrator to write mkp files to arbitrary locations via a malicious mkp file, due to a path-traversal vulnerability in MKP storing.
Recommendations
For Checkmk versions 2.0.0 through 2.0.0p32, update to a version later than 2.0.0p32 to resolve the issue.
For Checkmk versions 2.1.0 through 2.1.0p18, update to a version later than 2.1.0p18 to resolve the issue.
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Checkmk