Limited Server-Side Request Forgery (SSRF) in agent-receiver in Tribe29's Checkmk <= 2.1.0p11 allows an attacker to communicate with local network restricted endpoints by use of the host registration API.
References
Link | Resource |
---|---|
https://checkmk.com/werk/14385 | Mitigation Vendor Advisory |
https://www.sonarsource.com/blog/checkmk-rce-chain-1/ | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
09 Jan 2024, 02:10
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 3.3 |
References | () https://www.sonarsource.com/blog/checkmk-rce-chain-1/ - Exploit, Third Party Advisory |
25 Oct 2023, 18:17
Type | Values Removed | Values Added |
---|---|---|
References |
|
02 Mar 2023, 18:35
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:tribe29:checkmk:2.1.0:b4:*:*:*:*:*:* cpe:2.3:a:tribe29:checkmk:2.1.0:p4:*:*:*:*:*:* cpe:2.3:a:tribe29:checkmk:2.1.0:p6:*:*:*:*:*:* cpe:2.3:a:tribe29:checkmk:2.1.0:p10:*:*:*:*:*:* cpe:2.3:a:tribe29:checkmk:2.1.0:p1:*:*:*:*:*:* cpe:2.3:a:tribe29:checkmk:2.1.0:p7:*:*:*:*:*:* cpe:2.3:a:tribe29:checkmk:2.1.0:-:*:*:*:*:*:* cpe:2.3:a:tribe29:checkmk:2.1.0:b6:*:*:*:*:*:* cpe:2.3:a:tribe29:checkmk:2.1.0:b1:*:*:*:*:*:* cpe:2.3:a:tribe29:checkmk:2.1.0:b8:*:*:*:*:*:* cpe:2.3:a:tribe29:checkmk:2.1.0:p2:*:*:*:*:*:* cpe:2.3:a:tribe29:checkmk:2.1.0:b5:*:*:*:*:*:* cpe:2.3:a:tribe29:checkmk:2.1.0:p5:*:*:*:*:*:* cpe:2.3:a:tribe29:checkmk:2.1.0:p3:*:*:*:*:*:* cpe:2.3:a:tribe29:checkmk:2.1.0:b9:*:*:*:*:*:* cpe:2.3:a:tribe29:checkmk:2.1.0:p9:*:*:*:*:*:* cpe:2.3:a:tribe29:checkmk:2.1.0:b2:*:*:*:*:*:* cpe:2.3:a:tribe29:checkmk:2.1.0:b7:*:*:*:*:*:* cpe:2.3:a:tribe29:checkmk:2.1.0:p8:*:*:*:*:*:* cpe:2.3:a:tribe29:checkmk:2.1.0:b3:*:*:*:*:*:* cpe:2.3:a:tribe29:checkmk:2.1.0:p11:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
CWE | CWE-918 | |
References | (MISC) https://checkmk.com/werk/14385 - Mitigation, Vendor Advisory | |
First Time |
Tribe29
Tribe29 checkmk |
20 Feb 2023, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-02-20 17:15
Updated : 2024-01-09 02:10
NVD link : CVE-2022-48321
Mitre link : CVE-2022-48321
CVE.ORG link : CVE-2022-48321
JSON object : View
Products Affected
tribe29
- checkmk