5.5
CVE-2023-6287
- EPSS 0.09%
- Published 27.11.2023 14:15:08
- Last modified 21.11.2024 08:43:32
- Source security@checkmk.com
Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance before 1.6.8 allows local attacker to retrieve passwords via reading log files.
Data provided by the National Vulnerability Database (NVD)
Tribe29 ≫ Checkmk Appliance Firmware Version < 1.6.8
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.09% | 0.265 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| security@checkmk.com | 3.3 | 1.8 | 1.4 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
CWE-532 Insertion of Sensitive Information into Log File
The product writes sensitive information to a log file.
CWE-598 Use of GET Request Method With Sensitive Query Strings
The web application uses the HTTP GET method to process a request and includes sensitive information in the query string of that request.