CVE-2022-46303

Summary

Command injection in SMS notifications in Tribe29 Checkmk <= 2.1.0p10, Checkmk <= 2.0.0p27, and Checkmk <= 1.6.0p29 allows an attacker with User Management permissions, as well as LDAP administrators in certain scenarios, to perform arbitrary commands within the context of the application's local permissions.

Affected Software

VendorProductVersion RangeStatus
Tribe29Checkmk2.0.0 <= 2.0.0p27affected
Tribe29Checkmk2.1.0 <= 2.1.0p10affected
Tribe29Checkmk1.6.0 <= 1.6.0p29affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References