Lucene search
HistoryApr 20, 2023 - 2:15 p.m.
CVE-2022-46302
cve-2022-46302
site users
reverse proxy configurations
tribe29's checkmk
remote code execution
nvd
access controls
8.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
8.9 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
21.6%
Broad access controls could allow site users to directly interact with the system Apache installation when providing the reverse proxy configurations for Tribe29’s Checkmk <= 2.1.0p6, Checkmk <= 2.0.0p27, and all versions of Checkmk 1.6.0 (EOL) allowing an attacker to perform remote code execution with root privileges on the underlying host.
Affected configurations
Node
tribe29checkmkMatch1.6.0-
ORtribe29checkmkMatch1.6.0b1
ORtribe29checkmkMatch1.6.0b10
ORtribe29checkmkMatch1.6.0b11
ORtribe29checkmkMatch1.6.0b12
ORtribe29checkmkMatch1.6.0b2
ORtribe29checkmkMatch1.6.0b3
ORtribe29checkmkMatch1.6.0b4
ORtribe29checkmkMatch1.6.0b5
ORtribe29checkmkMatch1.6.0b6
ORtribe29checkmkMatch1.6.0b7
ORtribe29checkmkMatch1.6.0b8
ORtribe29checkmkMatch1.6.0b9
ORtribe29checkmkMatch1.6.0p1
ORtribe29checkmkMatch1.6.0p10
ORtribe29checkmkMatch1.6.0p11
ORtribe29checkmkMatch1.6.0p12
ORtribe29checkmkMatch1.6.0p13
ORtribe29checkmkMatch1.6.0p14
ORtribe29checkmkMatch1.6.0p15
ORtribe29checkmkMatch1.6.0p16
ORtribe29checkmkMatch1.6.0p17
ORtribe29checkmkMatch1.6.0p18
ORtribe29checkmkMatch1.6.0p19
ORtribe29checkmkMatch1.6.0p2
ORtribe29checkmkMatch1.6.0p20
ORtribe29checkmkMatch1.6.0p21
ORtribe29checkmkMatch1.6.0p22
ORtribe29checkmkMatch1.6.0p23
ORtribe29checkmkMatch1.6.0p24
ORtribe29checkmkMatch1.6.0p25
ORtribe29checkmkMatch1.6.0p26
ORtribe29checkmkMatch1.6.0p27
ORtribe29checkmkMatch1.6.0p28
ORtribe29checkmkMatch1.6.0p29
ORtribe29checkmkMatch1.6.0p30
ORtribe29checkmkMatch2.0.0-
ORtribe29checkmkMatch2.0.0b1
ORtribe29checkmkMatch2.0.0b2
ORtribe29checkmkMatch2.0.0b3
ORtribe29checkmkMatch2.0.0b4
ORtribe29checkmkMatch2.0.0b5
ORtribe29checkmkMatch2.0.0b6
ORtribe29checkmkMatch2.0.0b7
ORtribe29checkmkMatch2.0.0b8
ORtribe29checkmkMatch2.0.0i1
ORtribe29checkmkMatch2.0.0p1
ORtribe29checkmkMatch2.0.0p10
ORtribe29checkmkMatch2.0.0p11
ORtribe29checkmkMatch2.0.0p12
ORtribe29checkmkMatch2.0.0p13
ORtribe29checkmkMatch2.0.0p14
ORtribe29checkmkMatch2.0.0p15
ORtribe29checkmkMatch2.0.0p16
ORtribe29checkmkMatch2.0.0p17
ORtribe29checkmkMatch2.0.0p18
ORtribe29checkmkMatch2.0.0p19
ORtribe29checkmkMatch2.0.0p2
ORtribe29checkmkMatch2.0.0p20
ORtribe29checkmkMatch2.0.0p21
ORtribe29checkmkMatch2.0.0p22
ORtribe29checkmkMatch2.0.0p23
ORtribe29checkmkMatch2.0.0p24
ORtribe29checkmkMatch2.0.0p25
ORtribe29checkmkMatch2.0.0p26
ORtribe29checkmkMatch2.0.0p27
ORtribe29checkmkMatch2.0.0p3
ORtribe29checkmkMatch2.0.0p4
ORtribe29checkmkMatch2.0.0p5
ORtribe29checkmkMatch2.0.0p6
ORtribe29checkmkMatch2.0.0p7
ORtribe29checkmkMatch2.0.0p8
ORtribe29checkmkMatch2.0.0p9
ORtribe29checkmkMatch2.1.0-
ORtribe29checkmkMatch2.1.0b1
ORtribe29checkmkMatch2.1.0b2
ORtribe29checkmkMatch2.1.0b3
ORtribe29checkmkMatch2.1.0b4
ORtribe29checkmkMatch2.1.0b5
ORtribe29checkmkMatch2.1.0b6
ORtribe29checkmkMatch2.1.0b7
ORtribe29checkmkMatch2.1.0b8
ORtribe29checkmkMatch2.1.0b9
ORtribe29checkmkMatch2.1.0p1
ORtribe29checkmkMatch2.1.0p2
ORtribe29checkmkMatch2.1.0p3
ORtribe29checkmkMatch2.1.0p4
ORtribe29checkmkMatch2.1.0p5
ORtribe29checkmkMatch2.1.0p6
| CPE | Name | Operator | Version |
|---|---|---|---|
| tribe29:checkmk | tribe29 checkmk | eq | 1.6.0 |
| tribe29:checkmk | tribe29 checkmk | eq | 2.0.0 |
| tribe29:checkmk | tribe29 checkmk | eq | 2.1.0 |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Checkmk",
"vendor": "Tribe29",
"versions": [
{
"lessThanOrEqual": "2.0.0p27",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.1.0p6",
"status": "affected",
"version": "2.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.6.0p30",
"status": "affected",
"version": "1.6.0",
"versionType": "semver"
}
]
}
]References
Related
nvd
nvd
CVE-2022-46302
2023-04-20 14:15:08
osv
osv
CVE-2022-46302
2023-04-20 14:15:08
ubuntucve
ubuntucve
CVE-2022-46302
2023-04-20 00:00:00
openvas
openvas
Checkmk < 2.0.0p28, 2.1.x < 2.1.0p7, 2.2.x < 2.2.0b1 RCE Vulnerability
2023-04-21 00:00:00
prion
prion
Remote code execution
2023-04-20 14:15:00
cvelist
cvelist
8.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
8.9 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
21.6%
Related for CVE-2022-46302