Lucene search
GoogleOSV:CVE-2023-6156HistoryNov 22, 2023 - 5:15 p.m.
CVE-2023-6156
2023-11-2217:15:22
Google
osv.dev
4
cve-2023-6156
improper neutralization
livestatus command
checkmk
arbitrary execution
authorized users
software
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
7.2
Confidence
High
EPSS
0.001
Percentile
21.8%
Improper neutralization of livestatus command delimiters in the availability timeline in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15 allows arbitrary livestatus command execution for authorized users.
References
Related
ubuntucve
ubuntucve
CVE-2023-6156
2023-11-22 00:00:00
nvd
nvd
CVE-2023-6156
2023-11-22 17:15:22
prion
prion
Input validation
2023-11-22 17:15:00
cvelist
cvelist
CVE-2023-6156 Livestatus injection in availability timeline
2023-11-22 16:24:15
cve
cve
CVE-2023-6156
2023-11-22 17:15:22
openvas
openvas
Checkmk 2.0.x < 2.1.0p37, 2.2.x < 2.2.0p15 Multiple Vulnerabilities
2023-11-17 00:00:00
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
7.2
Confidence
High
EPSS
0.001
Percentile
21.8%
Related for OSV:CVE-2023-6156