PT-2023-17228 · Checkmk · Checkmk
Published: 2023-04-04 · Updated: 2024-07-23 · CVE-2023-1768
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Checkmk versions 1.6.0 and earlier
Checkmk versions 2.0.0 through 2.0.0p34
Checkmk versions 2.1.0 through 2.1.0p25
Checkmk versions 2.2.0b3 and earlier
Description
Inappropriate error handling in Checkmk causes the symmetric encryption of agent data to fail silently and transmit the data in plaintext in certain configurations.
Recommendations
For Checkmk version 1.6.0, update to a version that includes proper error handling to prevent silent failure of symmetric encryption.
For Checkmk versions 2.0.0 through 2.0.0p34, update to a version that includes proper error handling to prevent silent failure of symmetric encryption.
For Checkmk versions 2.1.0 through 2.1.0p25, update to a version that includes proper error handling to prevent silent failure of symmetric encryption.
For Checkmk versions 2.2.0b3 and earlier, update to a version that includes proper error handling to prevent silent failure of symmetric encryption.
Affected Products
Checkmk