Lucene search
HistoryAug 10, 2023 - 9:15 a.m.
CVE-2023-31209
checkmk
command execution
security vulnerability
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
8.8
Confidence
High
EPSS
0.001
Percentile
44.8%
Improper neutralization of active check command arguments in Checkmk < 2.1.0p32, < 2.0.0p38, < 2.2.0p4 leads to arbitrary command execution for authenticated users.
Affected configurations
Node
checkmkcheckmkMatch2.0.0-
ORcheckmkcheckmkMatch2.0.0b1
ORcheckmkcheckmkMatch2.0.0b2
ORcheckmkcheckmkMatch2.0.0b3
ORcheckmkcheckmkMatch2.0.0b4
ORcheckmkcheckmkMatch2.0.0b5
ORcheckmkcheckmkMatch2.0.0b6
ORcheckmkcheckmkMatch2.0.0b7
ORcheckmkcheckmkMatch2.0.0b8
ORcheckmkcheckmkMatch2.0.0i1
ORcheckmkcheckmkMatch2.0.0p1
ORcheckmkcheckmkMatch2.0.0p10
ORcheckmkcheckmkMatch2.0.0p11
ORcheckmkcheckmkMatch2.0.0p12
ORcheckmkcheckmkMatch2.0.0p13
ORcheckmkcheckmkMatch2.0.0p14
ORcheckmkcheckmkMatch2.0.0p15
ORcheckmkcheckmkMatch2.0.0p16
ORcheckmkcheckmkMatch2.0.0p17
ORcheckmkcheckmkMatch2.0.0p18
ORcheckmkcheckmkMatch2.0.0p19
ORcheckmkcheckmkMatch2.0.0p2
ORcheckmkcheckmkMatch2.0.0p20
ORcheckmkcheckmkMatch2.0.0p21
ORcheckmkcheckmkMatch2.0.0p22
ORcheckmkcheckmkMatch2.0.0p23
ORcheckmkcheckmkMatch2.0.0p24
ORcheckmkcheckmkMatch2.0.0p25
ORcheckmkcheckmkMatch2.0.0p26
ORcheckmkcheckmkMatch2.0.0p27
ORcheckmkcheckmkMatch2.0.0p28
ORcheckmkcheckmkMatch2.0.0p29
ORcheckmkcheckmkMatch2.0.0p3
ORcheckmkcheckmkMatch2.0.0p30
ORcheckmkcheckmkMatch2.0.0p31
ORcheckmkcheckmkMatch2.0.0p32
ORcheckmkcheckmkMatch2.0.0p33
ORcheckmkcheckmkMatch2.0.0p34
ORcheckmkcheckmkMatch2.0.0p35
ORcheckmkcheckmkMatch2.0.0p36
ORcheckmkcheckmkMatch2.0.0p37
ORcheckmkcheckmkMatch2.0.0p4
ORcheckmkcheckmkMatch2.0.0p5
ORcheckmkcheckmkMatch2.0.0p6
ORcheckmkcheckmkMatch2.0.0p7
ORcheckmkcheckmkMatch2.0.0p8
ORcheckmkcheckmkMatch2.0.0p9
ORcheckmkcheckmkMatch2.1.0-
ORcheckmkcheckmkMatch2.1.0b1
ORcheckmkcheckmkMatch2.1.0b2
ORcheckmkcheckmkMatch2.1.0b3
ORcheckmkcheckmkMatch2.1.0b4
ORcheckmkcheckmkMatch2.1.0b5
ORcheckmkcheckmkMatch2.1.0b6
ORcheckmkcheckmkMatch2.1.0b7
ORcheckmkcheckmkMatch2.1.0b8
ORcheckmkcheckmkMatch2.1.0b9
ORcheckmkcheckmkMatch2.1.0p1
ORcheckmkcheckmkMatch2.1.0p10
ORcheckmkcheckmkMatch2.1.0p11
ORcheckmkcheckmkMatch2.1.0p12
ORcheckmkcheckmkMatch2.1.0p13
ORcheckmkcheckmkMatch2.1.0p14
ORcheckmkcheckmkMatch2.1.0p15
ORcheckmkcheckmkMatch2.1.0p16
ORcheckmkcheckmkMatch2.1.0p17
ORcheckmkcheckmkMatch2.1.0p18
ORcheckmkcheckmkMatch2.1.0p19
ORcheckmkcheckmkMatch2.1.0p2
ORcheckmkcheckmkMatch2.1.0p20
ORcheckmkcheckmkMatch2.1.0p21
ORcheckmkcheckmkMatch2.1.0p22
ORcheckmkcheckmkMatch2.1.0p23
ORcheckmkcheckmkMatch2.1.0p24
ORcheckmkcheckmkMatch2.1.0p25
ORcheckmkcheckmkMatch2.1.0p26
ORcheckmkcheckmkMatch2.1.0p27
ORcheckmkcheckmkMatch2.1.0p28
ORcheckmkcheckmkMatch2.1.0p29
ORcheckmkcheckmkMatch2.1.0p3
ORcheckmkcheckmkMatch2.1.0p30
ORcheckmkcheckmkMatch2.1.0p31
ORcheckmkcheckmkMatch2.1.0p4
ORcheckmkcheckmkMatch2.1.0p5
ORcheckmkcheckmkMatch2.1.0p6
ORcheckmkcheckmkMatch2.1.0p7
ORcheckmkcheckmkMatch2.1.0p8
ORcheckmkcheckmkMatch2.1.0p9
ORcheckmkcheckmkMatch2.2.0-
ORcheckmkcheckmkMatch2.2.0b1
ORcheckmkcheckmkMatch2.2.0b2
ORcheckmkcheckmkMatch2.2.0b3
ORcheckmkcheckmkMatch2.2.0b4
ORcheckmkcheckmkMatch2.2.0b5
ORcheckmkcheckmkMatch2.2.0b6
ORcheckmkcheckmkMatch2.2.0b7
ORcheckmkcheckmkMatch2.2.0b8
ORcheckmkcheckmkMatch2.2.0i1
ORcheckmkcheckmkMatch2.2.0p1
ORcheckmkcheckmkMatch2.2.0p2
ORcheckmkcheckmkMatch2.2.0p3
ORtribe29checkmkRange<2.0.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| checkmk | checkmk | 2.0.0 | cpe:2.3:a:checkmk:checkmk:2.0.0:-:*:*:*:*:*:* |
| checkmk | checkmk | 2.0.0 | cpe:2.3:a:checkmk:checkmk:2.0.0:b1:*:*:*:*:*:* |
| checkmk | checkmk | 2.0.0 | cpe:2.3:a:checkmk:checkmk:2.0.0:b2:*:*:*:*:*:* |
| checkmk | checkmk | 2.0.0 | cpe:2.3:a:checkmk:checkmk:2.0.0:b3:*:*:*:*:*:* |
| checkmk | checkmk | 2.0.0 | cpe:2.3:a:checkmk:checkmk:2.0.0:b4:*:*:*:*:*:* |
| checkmk | checkmk | 2.0.0 | cpe:2.3:a:checkmk:checkmk:2.0.0:b5:*:*:*:*:*:* |
| checkmk | checkmk | 2.0.0 | cpe:2.3:a:checkmk:checkmk:2.0.0:b6:*:*:*:*:*:* |
| checkmk | checkmk | 2.0.0 | cpe:2.3:a:checkmk:checkmk:2.0.0:b7:*:*:*:*:*:* |
| checkmk | checkmk | 2.0.0 | cpe:2.3:a:checkmk:checkmk:2.0.0:b8:*:*:*:*:*:* |
| checkmk | checkmk | 2.0.0 | cpe:2.3:a:checkmk:checkmk:2.0.0:i1:*:*:*:*:*:* |
References
Related
vulnrichment
vulnrichment
CVE-2023-31209 Command injection via active checks and REST API
2023-08-10 08:14:12
ubuntucve
ubuntucve
CVE-2023-31209
2023-08-10 00:00:00
cve
cve
CVE-2023-31209
2023-08-10 09:15:12
cvelist
cvelist
CVE-2023-31209 Command injection via active checks and REST API
2023-08-10 08:14:12
osv
osv
CVE-2023-31209
2023-08-10 09:15:12
prion
prion
Input validation
2023-08-10 09:15:00
openvas
openvas
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
8.8
Confidence
High
EPSS
0.001
Percentile
44.8%
Related for NVD:CVE-2023-31209