PT-2024-15710 · Checkmk · Checkmk
Published
2024-03-22
·
Updated
2024-12-04
·
CVE-2024-0638
CVSS v3.1
8.2
High
| Vector | AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Checkmk versions prior to 2.3.0b4 (beta)
Checkmk versions prior to 2.2.0p24
Checkmk versions prior to 2.1.0p41
Checkmk version 2.0.0
Description
The issue is related to a least privilege violation in the Checkmk agent plugins mk oracle, mk oracle.ps1, and mk oracle crs. This allows local users to escalate privileges.
Recommendations
For Checkmk versions prior to 2.3.0b4 (beta), update to version 2.3.0b4 (beta) or later.
For Checkmk versions prior to 2.2.0p24, update to version 2.2.0p24 or later.
For Checkmk versions prior to 2.1.0p41, update to version 2.1.0p41 or later.
For Checkmk version 2.0.0, consider upgrading to a newer version as 2.0.0 is end-of-life.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Checkmk