Livestatus Query Language (LQL) injection in the AuthUser HTTP query header of Tribe29's Checkmk <= 2.1.0p11, Checkmk <= 2.0.0p28, and all versions of Checkmk 1.6.0 (EOL) allows an attacker to perform direct queries to the application's core from localhost.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: Tribe29

Published: 2023-02-20T16:53:37.606Z

Updated: 2024-08-03T15:02:36.627Z

Reserved: 2023-01-18T15:49:58.108Z

Link: CVE-2022-47909

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2023-02-20T17:15:12.230

Modified: 2024-07-23T19:37:16.630

Link: CVE-2022-47909

cve-icon Redhat

No data.