Path-Traversal in MKP storing in Tribe29 Checkmk <=2.0.0p32 and <= 2.1.0p18 allows an administrator to write mkp files to arbitrary locations via a malicious mkp file.
Metrics
No CVSS v4.0
Attack Vector Network
Attack Complexity Low
Privileges Required High
Scope Unchanged
Confidentiality Impact None
Integrity Impact Low
Availability Impact Low
User Interaction Required
No CVSS v3.0
No CVSS v2
This CVE is not in the KEV list.
Key SSVC decision points have not yet been added.
Affected Vendors & Products
Vendors | Products |
---|---|
Checkmk |
|
Configuration 1 [-]
|
No data.
References
Link | Providers |
---|---|
https://checkmk.com/werk/15065 |
![]() ![]() |
History
No history.

Status: PUBLISHED
Assigner: Tribe29
Published: 2023-01-09T16:11:16.227Z
Updated: 2024-08-03T01:55:45.820Z
Reserved: 2023-01-09T12:41:19.246Z
Link: CVE-2022-4884

No data.

Status : Modified
Published: 2023-01-09T17:15:11.117
Modified: 2024-11-21T07:36:08.353
Link: CVE-2022-4884

No data.