Lucene search
Copyright (C) 2024 Greenbone AGOPENVAS:1361412562310126756HistoryMar 22, 2024 - 12:00 a.m.
Checkmk < 2.1.0p41, 2.2.x < 2.2.0p24 Information Disclosure Vulnerability
2024-03-2200:00:00
Copyright (C) 2024 Greenbone AG
plugins.openvas.org
7
vulnerability
information disclosure
checkmk
version
update
sql injection
cve-2024-1742
greenbone ag
3.8 Low
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
6.7 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
8.8%
Checkmk is prone to an information disclosure vulnerability.
# SPDX-FileCopyrightText: 2024 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/a:check_mk_project:check_mk";
if (description)
{
script_oid("1.3.6.1.4.1.25623.1.0.126756");
script_version("2024-03-25T05:05:45+0000");
script_tag(name:"last_modification", value:"2024-03-25 05:05:45 +0000 (Mon, 25 Mar 2024)");
script_tag(name:"creation_date", value:"2024-03-22 08:20:26 +0000 (Fri, 22 Mar 2024)");
script_tag(name:"cvss_base", value:"1.7");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:S/C:P/I:N/A:N");
script_cve_id("CVE-2024-1742");
script_tag(name:"qod_type", value:"remote_banner");
script_tag(name:"solution_type", value:"VendorFix");
script_name("Checkmk < 2.1.0p41, 2.2.x < 2.2.0p24 Information Disclosure Vulnerability");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2024 Greenbone AG");
script_family("Web application abuses");
script_dependencies("gb_check_mk_web_detect.nasl");
script_mandatory_keys("check_mk/detected");
script_tag(name:"summary", value:"Checkmk is prone to an information disclosure vulnerability.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"In the mk_oracle plugin sqlplus used to be called with the
connection string as an argument. This connection string could contain credentials necessary to
authenticate against the database. These arguments could be extracted by other users (e.g. with
use of ps).");
script_tag(name:"affected", value:"Checkmk versions prior to 2.1.0p41 and 2.2.x prior to
2.2.0p24.");
script_tag(name:"solution", value:"Update to version 2.1.0p41, 2.2.0p24 or later.");
script_xref(name:"URL", value:"https://checkmk.com/werk/16234");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
if( ! port = get_app_port( cpe: CPE, service: "www" ) )
exit( 0 );
if( ! infos = get_app_version_and_location( cpe: CPE, port: port, exit_no_version: TRUE ) )
exit( 0 );
version = infos["version"];
location = infos["location"];
if( version_is_less( version: version, test_version: "2.1.0p41" ) ) {
report = report_fixed_ver( installed_version: version, fixed_version: "2.1.0p41", install_path: location );
security_message( port: port, data: report );
exit( 0 );
}
if( version_in_range_exclusive( version: version, test_version_lo: "2.2.0", test_version_up: "2.2.0p24" ) ) {
report = report_fixed_ver( installed_version: version, fixed_version: "2.2.0p24", install_path: location );
security_message( port: port, data: report );
exit( 0 );
}
exit( 99 );
References
Related
cve
cve
CVE-2024-1742
2024-03-22 11:15:46
nvd
nvd
CVE-2024-1742
2024-03-22 11:15:46
cvelist
cvelist
CVE-2024-1742 Information disclosure in mk_oracle Checkmk agent plugin
2024-03-22 10:26:06
3.8 Low
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
6.7 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
8.8%
Related for OPENVAS:1361412562310126756