Command injection in SMS notifications in Tribe29 Checkmk <= 2.1.0p10, Checkmk <= 2.0.0p27, and Checkmk <= 1.6.0p29 allows an attacker with User Management permissions, as well as LDAP administrators in certain scenarios, to perform arbitrary commands within the context of the application's local permissions.
Metrics
No CVSS v4.0
Metric | Value |
---|---|
Attack Vector | Adjacent Network |
Attack Complexity | High |
Privileges Required | Low |
Scope | Changed |
Confidentiality Impact | High |
Integrity Impact | High |
Availability Impact | High |
User Interaction | None |
No CVSS v3.0
No CVSS v2
This CVE is not in the KEV list.
Key SSVC decision points have not yet been added.
Affected Vendors & Products
Vendors | Products |
---|---|
Checkmk |
References
Link | Providers |
---|---|
https://checkmk.com/werk/14381 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: Tribe29
Published: 2023-02-20T16:49:49.961Z
Updated: 2024-08-03T14:31:45.469Z
Reserved: 2023-01-18T15:49:58.122Z
Link: CVE-2022-46303
Vulnrichment
No data.
NVD
Status: Analyzed
Published: 2023-02-20T17:15:12.073
Modified: 2024-07-23T19:37:16.630
Link: CVE-2022-46303
Redhat
No data.