PT-2023-16142 · Checkmk · Checkmk
Published: 2023-01-24 · Updated: 2024-07-23 · CVE-2023-0284
CVSS v3.1: 6.8 (Medium)
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Checkmk versions 1.6.0 and earlier
Checkmk versions 2.0.0 through 2.0.0p32
Checkmk versions 2.1.0 through 2.1.0p19
Description
The issue is related to improper input validation of LDAP user IDs, allowing attackers who can control these IDs to manipulate files on the server.
Recommendations
For Checkmk version 1.6.0, update to a supported version.
For Checkmk versions 2.0.0 through 2.0.0p32, update to version 2.0.0p33 or later.
For Checkmk versions 2.1.0 through 2.1.0p19, update to version 2.1.0p20 or later.
Fix
RCE
Affected Products
Checkmk