PT-2023-23233 · Checkmk · Checkmk

Jan-Philipp Litza · Published 2023-12-13 · Updated 2024-07-23 · CVE-2023-31210

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Checkmk versions 2.2.0p10 through 2.2.0p16

Description

The issue concerns the use of a user-controlled LD_LIBRARY_PATH in the Checkmk agent, which allows a malicious Checkmk site user to escalate privileges by injecting malicious libraries.

Recommendations

For Checkmk versions 2.2.0p10 through 2.2.0p16, consider restricting access to the LD_LIBRARY_PATH environment variable to prevent malicious library injection until a patch is available. As a temporary workaround, disabling the use of a user-controlled LD_LIBRARY_PATH in the agent can help minimize the risk of exploitation.
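
An added example, not taken from Checkmk or from this advisory: a generic Python check for the weakness class named here (uncontrolled search path element), in support of the recommendations above. The function names and the `trusted_uids` parameter are assumptions. It flags LD_LIBRARY_PATH entries that a less-privileged account could control, and shows stripping LD_* variables from the environment handed to a privileged helper.

```python
import os
import stat
import tempfile


def audit_library_path(value, trusted_uids=(0,)):
    """Return (entry, reason) for each search-path entry that an account
    outside trusted_uids could control. Checks the entry itself only,
    not its parent directories."""
    findings = []
    for entry in value.split(":"):
        if entry == "":
            # glibc treats an empty element as the current directory
            findings.append((entry, "empty entry (current directory)"))
            continue
        if not os.path.isabs(entry):
            findings.append((entry, "relative path"))
            continue
        try:
            st = os.stat(entry)
        except OSError:
            findings.append((entry, "does not exist"))
            continue
        if not stat.S_ISDIR(st.st_mode):
            findings.append((entry, "not a directory"))
        elif st.st_uid not in trusted_uids:
            findings.append((entry, "owner uid %d is not trusted" % st.st_uid))
        elif st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((entry, "group- or world-writable"))
    return findings


def scrubbed_env(env):
    """Copy of env without LD_* dynamic-linker variables, for handing to a
    helper that a privileged process is about to execute."""
    return {k: v for k, v in env.items() if not k.startswith("LD_")}


if __name__ == "__main__":
    # Constructed sample: a world-writable directory plus risky entries.
    with tempfile.TemporaryDirectory() as d:
        os.chmod(d, 0o777)
        sample = d + "::relative/lib"
        for entry, reason in audit_library_path(sample, (os.getuid(),)):
            print(repr(entry), "->", reason)
    print(scrubbed_env({"PATH": "/usr/bin", "LD_LIBRARY_PATH": "/tmp/x"}))
```
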

Fix

Uncontrolled Search Path Element

Weakness Enumeration

Related Identifiers

CVE-2023-31210

Affected Products

Checkmk