Lucene search
HistoryAug 10, 2023 - 9:15 a.m.
CVE-2023-31209
cve-2023-31209
checkmk
security vulnerability
arbitrary command execution
nvd
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.7 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
21.6%
Improper neutralization of active check command arguments in Checkmk < 2.1.0p32, < 2.0.0p38, < 2.2.0p4 leads to arbitrary command execution for authenticated users.
Affected configurations
Node
tribe29checkmkRange<2.0.0
ORtribe29checkmkMatch2.0.0-
ORtribe29checkmkMatch2.0.0b1
ORtribe29checkmkMatch2.0.0b2
ORtribe29checkmkMatch2.0.0b3
ORtribe29checkmkMatch2.0.0b4
ORtribe29checkmkMatch2.0.0b5
ORtribe29checkmkMatch2.0.0b6
ORtribe29checkmkMatch2.0.0b7
ORtribe29checkmkMatch2.0.0b8
ORtribe29checkmkMatch2.0.0i1
ORtribe29checkmkMatch2.0.0p1
ORtribe29checkmkMatch2.0.0p10
ORtribe29checkmkMatch2.0.0p11
ORtribe29checkmkMatch2.0.0p12
ORtribe29checkmkMatch2.0.0p13
ORtribe29checkmkMatch2.0.0p14
ORtribe29checkmkMatch2.0.0p15
ORtribe29checkmkMatch2.0.0p16
ORtribe29checkmkMatch2.0.0p17
ORtribe29checkmkMatch2.0.0p18
ORtribe29checkmkMatch2.0.0p19
ORtribe29checkmkMatch2.0.0p2
ORtribe29checkmkMatch2.0.0p20
ORtribe29checkmkMatch2.0.0p21
ORtribe29checkmkMatch2.0.0p22
ORtribe29checkmkMatch2.0.0p23
ORtribe29checkmkMatch2.0.0p24
ORtribe29checkmkMatch2.0.0p25
ORtribe29checkmkMatch2.0.0p26
ORtribe29checkmkMatch2.0.0p27
ORtribe29checkmkMatch2.0.0p28
ORtribe29checkmkMatch2.0.0p29
ORtribe29checkmkMatch2.0.0p3
ORtribe29checkmkMatch2.0.0p30
ORtribe29checkmkMatch2.0.0p31
ORtribe29checkmkMatch2.0.0p32
ORtribe29checkmkMatch2.0.0p33
ORtribe29checkmkMatch2.0.0p34
ORtribe29checkmkMatch2.0.0p35
ORtribe29checkmkMatch2.0.0p36
ORtribe29checkmkMatch2.0.0p37
ORtribe29checkmkMatch2.0.0p4
ORtribe29checkmkMatch2.0.0p5
ORtribe29checkmkMatch2.0.0p6
ORtribe29checkmkMatch2.0.0p7
ORtribe29checkmkMatch2.0.0p8
ORtribe29checkmkMatch2.0.0p9
ORtribe29checkmkMatch2.1.0-
ORtribe29checkmkMatch2.1.0b1
ORtribe29checkmkMatch2.1.0b2
ORtribe29checkmkMatch2.1.0b3
ORtribe29checkmkMatch2.1.0b4
ORtribe29checkmkMatch2.1.0b5
ORtribe29checkmkMatch2.1.0b6
ORtribe29checkmkMatch2.1.0b7
ORtribe29checkmkMatch2.1.0b8
ORtribe29checkmkMatch2.1.0b9
ORtribe29checkmkMatch2.1.0p1
ORtribe29checkmkMatch2.1.0p10
ORtribe29checkmkMatch2.1.0p11
ORtribe29checkmkMatch2.1.0p12
ORtribe29checkmkMatch2.1.0p13
ORtribe29checkmkMatch2.1.0p14
ORtribe29checkmkMatch2.1.0p15
ORtribe29checkmkMatch2.1.0p16
ORtribe29checkmkMatch2.1.0p17
ORtribe29checkmkMatch2.1.0p18
ORtribe29checkmkMatch2.1.0p19
ORtribe29checkmkMatch2.1.0p2
ORtribe29checkmkMatch2.1.0p20
ORtribe29checkmkMatch2.1.0p21
ORtribe29checkmkMatch2.1.0p22
ORtribe29checkmkMatch2.1.0p23
ORtribe29checkmkMatch2.1.0p24
ORtribe29checkmkMatch2.1.0p25
ORtribe29checkmkMatch2.1.0p26
ORtribe29checkmkMatch2.1.0p27
ORtribe29checkmkMatch2.1.0p28
ORtribe29checkmkMatch2.1.0p29
ORtribe29checkmkMatch2.1.0p3
ORtribe29checkmkMatch2.1.0p30
ORtribe29checkmkMatch2.1.0p31
ORtribe29checkmkMatch2.1.0p4
ORtribe29checkmkMatch2.1.0p5
ORtribe29checkmkMatch2.1.0p6
ORtribe29checkmkMatch2.1.0p7
ORtribe29checkmkMatch2.1.0p8
ORtribe29checkmkMatch2.1.0p9
ORtribe29checkmkMatch2.2.0-
ORtribe29checkmkMatch2.2.0b1
ORtribe29checkmkMatch2.2.0b2
ORtribe29checkmkMatch2.2.0b3
ORtribe29checkmkMatch2.2.0b4
ORtribe29checkmkMatch2.2.0b5
ORtribe29checkmkMatch2.2.0b6
ORtribe29checkmkMatch2.2.0b7
ORtribe29checkmkMatch2.2.0b8
ORtribe29checkmkMatch2.2.0i1
ORtribe29checkmkMatch2.2.0p1
ORtribe29checkmkMatch2.2.0p2
ORtribe29checkmkMatch2.2.0p3
| CPE | Name | Operator | Version |
|---|---|---|---|
| tribe29:checkmk | tribe29 checkmk | lt | 2.0.0 |
| tribe29:checkmk | tribe29 checkmk | eq | 2.1.0 |
| tribe29:checkmk | tribe29 checkmk | eq | 2.2.0 |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Checkmk",
"vendor": "Checkmk GmbH",
"versions": [
{
"lessThan": "2.2.0p4",
"status": "affected",
"version": "2.2.0",
"versionType": "semver"
},
{
"lessThan": "2.1.0p32",
"status": "affected",
"version": "2.1.0",
"versionType": "semver"
},
{
"lessThan": "2.0.0p38",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
}
]
}
]References
Related
prion
prion
Input validation
2023-08-10 09:15:00
openvas
openvas
osv
osv
CVE-2023-31209
2023-08-10 09:15:12
cvelist
cvelist
CVE-2023-31209 Command injection via active checks and REST API
2023-08-10 08:14:12
nvd
nvd
CVE-2023-31209
2023-08-10 09:15:12
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.7 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
21.6%
Related for CVE-2023-31209