CVE-2022-48321

Exploit

EPSS 0.28%
Veröffentlicht 20.02.2023 17:15:12
Zuletzt bearbeitet 21.11.2024 07:33:09
Quelle security@checkmk.com
CVE-Watchlists
Login
Unerledigt
Login

SSRF in agent-receiver API

Limited Server-Side Request Forgery (SSRF) in agent-receiver in Tribe29's Checkmk <= 2.1.0p11 allows an attacker to communicate with local network restricted endpoints by use of the host registration API.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 5

NVD 21 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Checkmk ≫ Checkmk Version2.1.0 Update-

Checkmk ≫ Checkmk Version2.1.0 Updateb1

Checkmk ≫ Checkmk Version2.1.0 Updateb2

Checkmk ≫ Checkmk Version2.1.0 Updateb3

Checkmk ≫ Checkmk Version2.1.0 Updateb4

Checkmk ≫ Checkmk Version2.1.0 Updateb5

Checkmk ≫ Checkmk Version2.1.0 Updateb6

Checkmk ≫ Checkmk Version2.1.0 Updateb7

Checkmk ≫ Checkmk Version2.1.0 Updateb8

Checkmk ≫ Checkmk Version2.1.0 Updateb9

Checkmk ≫ Checkmk Version2.1.0 Updatep1

Checkmk ≫ Checkmk Version2.1.0 Updatep10

Checkmk ≫ Checkmk Version2.1.0 Updatep11

Checkmk ≫ Checkmk Version2.1.0 Updatep2

Checkmk ≫ Checkmk Version2.1.0 Updatep3

Checkmk ≫ Checkmk Version2.1.0 Updatep4

Checkmk ≫ Checkmk Version2.1.0 Updatep5

Checkmk ≫ Checkmk Version2.1.0 Updatep6

Checkmk ≫ Checkmk Version2.1.0 Updatep7

Checkmk ≫ Checkmk Version2.1.0 Updatep8

Checkmk ≫ Checkmk Version2.1.0 Updatep9

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.28%	0.192

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	3.3	1.8	1.4	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
security@checkmk.com	6.8	2.5	3.7	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-918 Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

https://www.sonarsource.com/blog/checkmk-rce-chain-1/

Third Party Advisory

Exploit

https://checkmk.com/werk/14385

Vendor Advisory

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2022-48321

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-48321

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-48321

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-48321