CVE-2022-46302

2023-04-2014:15:08

Google

osv.dev

access controls

apache installation

reverse proxy configurations

tribe29 checkmk

remote code execution

root privileges

software vulnerability

8.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.0%

JSON

Broad access controls could allow site users to directly interact with the system Apache installation when providing the reverse proxy configurations for Tribe29’s Checkmk <= 2.1.0p6, Checkmk <= 2.0.0p27, and all versions of Checkmk 1.6.0 (EOL) allowing an attacker to perform remote code execution with root privileges on the underlying host.

CPENameOperatorVersion
checkmkeq2.0.0b6
checkmkeq1.4.0i1
checkmkeq1.2.0b5
checkmkeq1.1.7i2
checkmkeq1.6.0
checkmkeq1.5.0i1
checkmkeq1.1.8b1
checkmkeq1.2.1i2
checkmkeq2.1.0b7
checkmkeq1.2.5i3

Name	Operator	Version
checkmk	eq	2.0.0b6
checkmk	eq	1.4.0i1
checkmk	eq	1.2.0b5
checkmk	eq	1.1.7i2
checkmk	eq	1.6.0
checkmk	eq	1.5.0i1
checkmk	eq	1.1.8b1
checkmk	eq	1.2.1i2
checkmk	eq	2.1.0b7
checkmk	eq	1.2.5i3