CVE-2022-4884

Summary

Path-Traversal in MKP storing in Tribe29 Checkmk <=2.0.0p32 and <= 2.1.0p18 allows an administrator to write mkp files to arbitrary locations via a malicious mkp file.

Affected Software

VendorProductVersion RangeStatus
Tribe29Checkmk2.0.0 <= 2.0.0p32affected
Tribe29Checkmk2.1.0 <= 2.1.0p18affected
Tribe29Checkmk1.6.0 <= 1.6.0p30unaffected

Weaknesses

  • CWE-22: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References