Lucene search
HistoryFeb 20, 2023 - 5:15 p.m.
CVE-2022-47909
livestatus query language
tribe29's checkmk
lql injection
authuser http query
2.1.0p11
2.0.0p28
1.6.0
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.1 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%
Livestatus Query Language (LQL) injection in the AuthUser HTTP query header ofΒ Tribe29βs Checkmk <= 2.1.0p11, Checkmk <= 2.0.0p28, and all versions of Checkmk 1.6.0 (EOL) allows an attacker to perform direct queries to the applicationβs core from localhost.
Affected configurations
Node
tribe29checkmkMatch2.1.0-
ORtribe29checkmkMatch2.1.0b1
ORtribe29checkmkMatch2.1.0b2
ORtribe29checkmkMatch2.1.0b3
ORtribe29checkmkMatch2.1.0b4
ORtribe29checkmkMatch2.1.0b5
ORtribe29checkmkMatch2.1.0b6
ORtribe29checkmkMatch2.1.0b7
ORtribe29checkmkMatch2.1.0b8
ORtribe29checkmkMatch2.1.0b9
ORtribe29checkmkMatch2.1.0p1
ORtribe29checkmkMatch2.1.0p10
ORtribe29checkmkMatch2.1.0p11
ORtribe29checkmkMatch2.1.0p2
ORtribe29checkmkMatch2.1.0p3
ORtribe29checkmkMatch2.1.0p4
ORtribe29checkmkMatch2.1.0p5
ORtribe29checkmkMatch2.1.0p6
ORtribe29checkmkMatch2.1.0p7
ORtribe29checkmkMatch2.1.0p8
ORtribe29checkmkMatch2.1.0p9
Node
tribe29checkmkMatch2.0.0-
ORtribe29checkmkMatch2.0.0b1
ORtribe29checkmkMatch2.0.0b2
ORtribe29checkmkMatch2.0.0b3
ORtribe29checkmkMatch2.0.0b4
ORtribe29checkmkMatch2.0.0b5
ORtribe29checkmkMatch2.0.0b6
ORtribe29checkmkMatch2.0.0b7
ORtribe29checkmkMatch2.0.0b8
ORtribe29checkmkMatch2.0.0i1
ORtribe29checkmkMatch2.0.0p1
ORtribe29checkmkMatch2.0.0p10
ORtribe29checkmkMatch2.0.0p11
ORtribe29checkmkMatch2.0.0p12
ORtribe29checkmkMatch2.0.0p13
ORtribe29checkmkMatch2.0.0p14
ORtribe29checkmkMatch2.0.0p15
ORtribe29checkmkMatch2.0.0p16
ORtribe29checkmkMatch2.0.0p17
ORtribe29checkmkMatch2.0.0p18
ORtribe29checkmkMatch2.0.0p19
ORtribe29checkmkMatch2.0.0p2
ORtribe29checkmkMatch2.0.0p20
ORtribe29checkmkMatch2.0.0p21
ORtribe29checkmkMatch2.0.0p22
ORtribe29checkmkMatch2.0.0p23
ORtribe29checkmkMatch2.0.0p24
ORtribe29checkmkMatch2.0.0p25
ORtribe29checkmkMatch2.0.0p26
ORtribe29checkmkMatch2.0.0p27
ORtribe29checkmkMatch2.0.0p28
ORtribe29checkmkMatch2.0.0p3
ORtribe29checkmkMatch2.0.0p4
ORtribe29checkmkMatch2.0.0p5
ORtribe29checkmkMatch2.0.0p6
ORtribe29checkmkMatch2.0.0p7
ORtribe29checkmkMatch2.0.0p8
ORtribe29checkmkMatch2.0.0p9
Node
tribe29checkmkMatch1.6.0-
ORtribe29checkmkMatch1.6.0b1
ORtribe29checkmkMatch1.6.0b10
ORtribe29checkmkMatch1.6.0b11
ORtribe29checkmkMatch1.6.0b12
ORtribe29checkmkMatch1.6.0b2
ORtribe29checkmkMatch1.6.0b3
ORtribe29checkmkMatch1.6.0b4
ORtribe29checkmkMatch1.6.0b5
ORtribe29checkmkMatch1.6.0b6
ORtribe29checkmkMatch1.6.0b7
ORtribe29checkmkMatch1.6.0b8
ORtribe29checkmkMatch1.6.0b9
ORtribe29checkmkMatch1.6.0p1
ORtribe29checkmkMatch1.6.0p10
ORtribe29checkmkMatch1.6.0p11
ORtribe29checkmkMatch1.6.0p12
ORtribe29checkmkMatch1.6.0p13
ORtribe29checkmkMatch1.6.0p14
ORtribe29checkmkMatch1.6.0p15
ORtribe29checkmkMatch1.6.0p16
ORtribe29checkmkMatch1.6.0p17
ORtribe29checkmkMatch1.6.0p18
ORtribe29checkmkMatch1.6.0p19
ORtribe29checkmkMatch1.6.0p2
ORtribe29checkmkMatch1.6.0p20
ORtribe29checkmkMatch1.6.0p21
ORtribe29checkmkMatch1.6.0p22
ORtribe29checkmkMatch1.6.0p23
ORtribe29checkmkMatch1.6.0p24
ORtribe29checkmkMatch1.6.0p25
ORtribe29checkmkMatch1.6.0p26
ORtribe29checkmkMatch1.6.0p27
ORtribe29checkmkMatch1.6.0p28
ORtribe29checkmkMatch1.6.0p29
ORtribe29checkmkMatch1.6.0p3
ORtribe29checkmkMatch1.6.0p30
ORtribe29checkmkMatch1.6.0p4
ORtribe29checkmkMatch1.6.0p5
ORtribe29checkmkMatch1.6.0p6
ORtribe29checkmkMatch1.6.0p7
ORtribe29checkmkMatch1.6.0p8
ORtribe29checkmkMatch1.6.0p9
Related
cvelist
cvelist
CVE-2022-47909 LQL Injection in Livestatus HTTP headers
2023-02-20 16:53:37
cve
cve
CVE-2022-47909
2023-02-20 17:15:12
githubexploit
githubexploit
Exploit for Improper Input Validation in Tribe29 Checkmk
2023-03-27 02:16:51
prion
prion
Code injection
2023-02-20 17:15:00
osv
osv
CVE-2022-47909
2023-02-20 17:15:12
ubuntucve
ubuntucve
CVE-2022-47909
2023-02-20 00:00:00
openvas
openvas
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.1 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%
Related for NVD:CVE-2022-47909