6.8

CVE-2022-48321

Exploit
Limited Server-Side Request Forgery (SSRF) in agent-receiver in Tribe29's Checkmk <= 2.1.0p11 allows an attacker to communicate with local network restricted endpoints by use of the host registration API.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CheckmkCheckmk Version2.1.0 Update-
CheckmkCheckmk Version2.1.0 Updateb1
CheckmkCheckmk Version2.1.0 Updateb2
CheckmkCheckmk Version2.1.0 Updateb3
CheckmkCheckmk Version2.1.0 Updateb4
CheckmkCheckmk Version2.1.0 Updateb5
CheckmkCheckmk Version2.1.0 Updateb6
CheckmkCheckmk Version2.1.0 Updateb7
CheckmkCheckmk Version2.1.0 Updateb8
CheckmkCheckmk Version2.1.0 Updateb9
CheckmkCheckmk Version2.1.0 Updatep1
CheckmkCheckmk Version2.1.0 Updatep10
CheckmkCheckmk Version2.1.0 Updatep11
CheckmkCheckmk Version2.1.0 Updatep2
CheckmkCheckmk Version2.1.0 Updatep3
CheckmkCheckmk Version2.1.0 Updatep4
CheckmkCheckmk Version2.1.0 Updatep5
CheckmkCheckmk Version2.1.0 Updatep6
CheckmkCheckmk Version2.1.0 Updatep7
CheckmkCheckmk Version2.1.0 Updatep8
CheckmkCheckmk Version2.1.0 Updatep9
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.1% 0.273
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 3.3 1.8 1.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
security@checkmk.com 6.8 2.5 3.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-918 Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

https://checkmk.com/werk/14385
Vendor Advisory
Mitigation