PT-2026-40585 · Checkmk · Checkmk+1

Published: 2026-05-13 · Updated: 2026-05-13 · CVE-2024-47091

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Checkmk versions prior to 2.4.0p29
Checkmk versions prior to 2.3.0p47
Checkmk version 2.2.0

Description

A privilege escalation issue exists in the mk_mysql agent plugin on Windows. A local unprivileged user who can create a Windows service named 'MySQL' or 'MariaDB', or who has write access to a binary referenced by such a service, can execute arbitrary code. This execution occurs within the context of the Checkmk agent service, which typically operates with SYSTEM privileges.

Recommendations

Update to version 2.4.0p29 or later.
Update to version 2.3.0p47 or later.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
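
The two conditions in the description (a service named 'MySQL' or 'MariaDB', and a service binary writable by a non-administrative principal) can be audited on a monitored host. The PowerShell below is an added example, not part of the advisory or of Checkmk; the substring match on service names and the English-language trusted principal names are assumptions.

```powershell
# Added audit example; not Checkmk code. Run from an elevated PowerShell session.
# Assumption: matching every service whose name contains "mysql" or "mariadb" is
# broad enough; the advisory does not state the plugin's exact matching rule.
# Assumption: English principal names; adjust $trusted on localized systems.
$trusted = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'NT SERVICE\TrustedInstaller')

# Write-type rights only, so read/execute entries do not match the mask.
$writeBits = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'

Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.Name -match 'mysql|mariadb' } |
    ForEach-Object {
        $svc = $_

        # PathName is either "C:\quoted path\x.exe" args or C:\unquoted\x.exe args.
        $exe = $null
        if ($svc.PathName -match '^\s*"([^"]+)"') {
            $exe = $Matches[1]
        } elseif ($svc.PathName -match '^\s*(.+?\.exe)') {
            $exe = $Matches[1]
        }

        $exists  = [bool]($exe -and (Test-Path -LiteralPath $exe))
        $writers = @()
        if ($exists) {
            # Allow entries that grant any write-type right to a principal outside $trusted.
            $writers = (Get-Acl -LiteralPath $exe).Access |
                Where-Object {
                    $_.AccessControlType -eq 'Allow' -and
                    (([int]$_.FileSystemRights -band $writeBits) -ne 0) -and
                    ($trusted -notcontains $_.IdentityReference.Value)
                } |
                ForEach-Object { $_.IdentityReference.Value }
        }

        [pscustomobject]@{
            Service         = $svc.Name
            RunsAs          = $svc.StartName
            Binary          = $exe
            BinaryExists    = $exists
            NonAdminWriters = ($writers | Sort-Object -Unique) -join ', '
        }
    } |
    Format-List
```

Any service in the output that was not installed by an administrator, or any non-empty NonAdminWriters value, warrants review before and after applying the update. Access entries expressed as generic rights are not covered by this mask and need a manual look.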

LPE

Uncontrolled Search Path Element


Weakness Enumeration

Related Identifiers

CVE-2024-47091

Affected Products

Checkmk
Mk Mysql