CVE-2024-28829
5.2
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H
Summary
Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2.3.0p12, 2.2.0p32, 2.1.0p47 and 2.0.0 (EOL) allows local users to escalate privileges.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Checkmk GmbH | Checkmk | 2.3.0 < 2.3.0p12 | affected |
| Checkmk GmbH | Checkmk | 2.2.0 < 2.2.0p32 | affected |
| Checkmk GmbH | Checkmk | 2.1.0 < 2.1.0p47 | affected |
| Checkmk GmbH | Checkmk | 2.0.0 <= 2.0.0p39 | affected |
Weaknesses
- CWE-272: CWE-272: Least Privilege Violation
- CWE-807: CWE-807: Reliance on Untrusted Inputs in a Security Decision
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.