PT-2025-7490 · Apache+1 · Apache+1
Published: 2025-02-19 · Updated: 2025-02-24
CVE-2025-1075
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Checkmk versions prior to 2.3.0p27
Checkmk versions prior to 2.2.0p40
Checkmk version 2.1.0p51
Description
Checkmk GmbH's Checkmk inserts sensitive information into log files: LDAP credentials are written to the Apache error log file, which is accessible to administrators.
Recommendations
For versions prior to 2.3.0p27, update to version 2.3.0p27 or later to resolve the issue.
For versions prior to 2.2.0p40, update to version 2.2.0p40 or later to resolve the issue.
For version 2.1.0p51, consider disabling the logging of sensitive information to the Apache error log file as a temporary workaround, or seek alternative mitigation measures as this version is end-of-life.
Fix
Insertion into Log File
Weakness Enumeration
Related Identifiers
Affected Products
Apache
Checkmk