Lucene search

Ubuntu.comUB:CVE-2022-46303

HistoryFeb 20, 2023 - 12:00 a.m.

CVE-2022-46303

2023-02-2000:00:00

ubuntu.com

cve-2022-46303

command injection

sms notifications

tribe29 checkmk

user management permissions

ldap administrators

arbitrary commands

application's local permissions

unix

8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

43.1%

JSON

Command injection in SMS notifications in Tribe29 Checkmk <= 2.1.0p10,
Checkmk <= 2.0.0p27, and Checkmk <= 1.6.0p29 allows an attacker with User
Management permissions, as well as LDAP administrators in certain
scenarios, to perform arbitrary commands within the context of the
application’s local permissions.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchcheck-mk< anyUNKNOWN
ubuntu16.04noarchcheck-mk< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	check-mk	< any	UNKNOWN
ubuntu	16.04	noarch	check-mk	< any	UNKNOWN

References

checkmk.com/werk/14381

launchpad.net/bugs/cve/CVE-2022-46303

nvd.nist.gov/vuln/detail/CVE-2022-46303

security-tracker.debian.org/tracker/CVE-2022-46303

www.cve.org/CVERecord?id=CVE-2022-46303

8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

43.1%

JSON

Related for UB:CVE-2022-46303