PT-2024-22597 · Checkmk · Checkmk
Published
2024-08-20
·
Updated
2024-12-03
·
CVE-2024-28829
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Checkmk versions prior to 2.3.0p12
Checkmk versions prior to 2.2.0p32
Checkmk versions prior to 2.1.0p47
Checkmk version 2.0.0
Description
The issue is related to a least privilege violation and reliance on untrusted inputs in the mk informix Checkmk agent plugin. This allows local users to escalate privileges.
Recommendations
For Checkmk versions prior to 2.3.0p12, update to version 2.3.0p12 or later.
For Checkmk versions prior to 2.2.0p32, update to version 2.2.0p32 or later.
For Checkmk versions prior to 2.1.0p47, update to version 2.1.0p47 or later.
For Checkmk version 2.0.0, consider upgrading to a supported version, as 2.0.0 is end-of-life.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Checkmk