PT-2024-22594 · Checkmk · Checkmk
Published: 2024-05-29 · Updated: 2024-12-04
CVE-2024-28826
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Checkmk versions prior to 2.3.0p4
Checkmk versions prior to 2.2.0p27
Checkmk versions prior to 2.1.0p44
Checkmk version 2.0.0
Description
The issue is related to improper restriction of local upload and download paths in the check_sftp component. This allows attackers who have sufficient permissions to configure the check to read and write local files on the Checkmk site server.
Recommendations
For versions prior to 2.3.0p4, update to version 2.3.0p4 or later.
For versions prior to 2.2.0p27, update to version 2.2.0p27 or later.
For versions prior to 2.1.0p44, update to version 2.1.0p44 or later.
For version 2.0.0, consider upgrading to a supported version, as 2.0.0 is end-of-life.
Fix
Related Identifiers
Affected Products
Checkmk