PT-2024-22592 · Checkmk · Checkmk
Published
2024-03-22
·
Updated
2024-12-04
·
CVE-2024-28824
CVSS v3.1
8.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Checkmk versions prior to 2.3.0b4
Checkmk versions prior to 2.2.0p24
Checkmk versions prior to 2.1.0p41
Checkmk version 2.0.0
Description
The issue is related to a least privilege violation and reliance on untrusted inputs in the mk informix Checkmk agent plugin, allowing local users to escalate privileges.
Recommendations
For Checkmk versions prior to 2.3.0b4, update to version 2.3.0b4 or later.
For Checkmk versions prior to 2.2.0p24, update to version 2.2.0p24 or later.
For Checkmk versions prior to 2.1.0p41, update to version 2.1.0p41 or later.
For Checkmk version 2.0.0, consider upgrading to a supported version, as 2.0.0 is end-of-life.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Checkmk