Lucene search
CheckmkCVELIST:CVE-2023-6157HistoryNov 22, 2023 - 4:24 p.m.
CVE-2023-6157 Livestatus injection in ajax_search
2023-11-2216:24:22
CWE-140
Checkmk
www.cve.org
3
cve-2023-6157
livestatus injection
ajax_search
arbitrary command execution
authorized users
CVSS3
7.6
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
AI Score
9.1
Confidence
High
EPSS
0.001
Percentile
21.8%
Improper neutralization of livestatus command delimiters in ajax_search in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15 allows arbitrary livestatus command execution for authorized users.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Checkmk",
"vendor": "Checkmk GmbH",
"versions": [
{
"lessThan": "2.2.0p15",
"status": "affected",
"version": "2.2.0",
"versionType": "semver"
},
{
"lessThan": "2.1.0p37",
"status": "affected",
"version": "2.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.0.0p39",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
}
]
}
]References
Related
cve
cve
CVE-2023-6157
2023-11-22 17:15:22
osv
osv
CVE-2023-6157
2023-11-22 17:15:22
nvd
nvd
CVE-2023-6157
2023-11-22 17:15:22
prion
prion
Input validation
2023-11-22 17:15:00
ubuntucve
ubuntucve
CVE-2023-6157
2023-11-22 00:00:00
openvas
openvas
Checkmk 2.0.x < 2.1.0p37, 2.2.x < 2.2.0p15 Multiple Vulnerabilities
2023-11-17 00:00:00
CVSS3
7.6
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
AI Score
9.1
Confidence
High
EPSS
0.001
Percentile
21.8%
Related for CVELIST:CVE-2023-6157