CVE-2024-28824
8.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Summary
Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows local users to escalate privileges.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Checkmk GmbH | Checkmk | 2.3.0 < 2.3.0b4 | affected |
| Checkmk GmbH | Checkmk | 2.2.0 < 2.2.0p24 | affected |
| Checkmk GmbH | Checkmk | 2.1.0 < 2.1.0p41 | affected |
| Checkmk GmbH | Checkmk | 2.0.0 <= 2.0.0p39 | affected |
Weaknesses
- CWE-272: CWE-272: Least Privilege Violation
- CWE-807: CWE-807: Reliance on Untrusted Inputs in a Security Decision
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.