Command injection

2023-02-2017:15:00

PRIOn knowledge base

www.prio-n.com

command injection

sms notifications

tribe29 checkmk

user management permissions

ldap administrators

0.001 Low

EPSS

Percentile

43.1%

JSON

Command injection in SMS notifications in Tribe29 Checkmk <= 2.1.0p10, Checkmk <= 2.0.0p27, and Checkmk <= 1.6.0p29 allows an attacker with User Management permissions, as well as LDAP administrators in certain scenarios, to perform arbitrary commands within the context of the application’s local permissions.

CPENameOperatorVersion
checkmkeq2.1.0 b2
checkmkeq2.1.0 b3
checkmkeq2.1.0 b4
checkmkeq2.1.0 b5
checkmkeq2.1.0 b6
checkmkeq2.1.0 b7
checkmkeq2.1.0 b8
checkmkeq2.1.0 b9
checkmkeq2.1.0 b1
checkmkeq2.1.0 p1

Name	Operator	Version
checkmk	eq	2.1.0 b2
checkmk	eq	2.1.0 b3
checkmk	eq	2.1.0 b4
checkmk	eq	2.1.0 b5
checkmk	eq	2.1.0 b6
checkmk	eq	2.1.0 b7
checkmk	eq	2.1.0 b8
checkmk	eq	2.1.0 b9
checkmk	eq	2.1.0 b1
checkmk	eq	2.1.0 p1

Rows per page:

1-10 of 991

References

checkmk.com/werk/14381

0.001 Low

EPSS

Percentile

43.1%

JSON

Related for PRION:CVE-2022-46303