CVE-2022-46302

Summary

Broad access controls could allow site users to directly interact with the system Apache installation when providing the reverse proxy configurations for Tribe29's Checkmk <= 2.1.0p6, Checkmk <= 2.0.0p27, and all versions of Checkmk 1.6.0 (EOL) allowing an attacker to perform remote code execution with root privileges on the underlying host.

Affected Software

VendorProductVersion RangeStatus
Tribe29Checkmk2.0.0 <= 2.0.0p27affected
Tribe29Checkmk2.1.0 <= 2.1.0p6affected
Tribe29Checkmk1.6.0 <= 1.6.0p30affected

Weaknesses

  • CWE-829: CWE-829 Inclusion of Functionality from Untrusted Control Sphere

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References