Checkmk 2.0.x < 2.0.0p29, 2.1.x < 2.1.0p11, 2.2.x < 2.2.0b1 Insufficient Session Expiration Vulnerability

2023-02-2200:00:00

plugins.openvas.org

checkmk

session expiration

vulnerability

version 2.0

version 2.1

version 2.2

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.002

Percentile

58.6%

JSON

Checkmk is prone to an insufficient session expiration
vulnerability.

# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:check_mk_project:check_mk";

if (description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.126355");
  script_version("2023-12-20T05:05:58+0000");
  script_tag(name:"last_modification", value:"2023-12-20 05:05:58 +0000 (Wed, 20 Dec 2023)");
  script_tag(name:"creation_date", value:"2023-02-22 09:14:26 +0000 (Wed, 22 Feb 2023)");
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2023-03-06 19:26:00 +0000 (Mon, 06 Mar 2023)");

  script_cve_id("CVE-2022-48317");

  script_tag(name:"qod_type", value:"remote_banner");

  script_tag(name:"solution_type", value:"VendorFix");

  script_name("Checkmk 2.0.x < 2.0.0p29, 2.1.x < 2.1.0p11, 2.2.x < 2.2.0b1 Insufficient Session Expiration Vulnerability");

  script_category(ACT_GATHER_INFO);

  script_copyright("Copyright (C) 2023 Greenbone AG");
  script_family("Web application abuses");
  script_dependencies("gb_check_mk_web_detect.nasl");
  script_mandatory_keys("check_mk/detected");

  script_tag(name:"summary", value:"Checkmk is prone to an insufficient session expiration
  vulnerability.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"Expired sessions were not securely terminated in the RestAPI
  allowing an attacker to use expired session tokens when communicating with the RestAPI.");

  script_tag(name:"affected", value:"Checkmk versions 2.0.x prior to 2.0.0p29, 2.1.x prior to
  2.1.0p11 and 2.2.x prior to 2.2.0b1.");

  script_tag(name:"solution", value:"Update to version 2.0.0p29, 2.1.0p11, 2.2.0b1 or later.");

  script_xref(name:"URL", value:"https://checkmk.com/werk/14485");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if( ! port = get_app_port( cpe: CPE, service: "www" ) )
  exit( 0 );

if( ! infos = get_app_version_and_location( cpe: CPE, port: port, exit_no_version: TRUE ) )
  exit( 0 );

version = infos["version"];
location = infos["location"];

if( version_in_range_exclusive( version: version, test_version_lo: "2.0.0", test_version_up: "2.0.0p29" ) ) {
  report = report_fixed_ver( installed_version: version, fixed_version: "2.0.0p29, 2.1.0p11, 2.2.0b1", install_path: location );
  security_message( port: port, data: report );
  exit( 0 );
}

if( version_in_range_exclusive( version: version, test_version_lo: "2.1.0", test_version_up: "2.1.0p11" ) ) {
  report = report_fixed_ver( installed_version: version, fixed_version: "2.1.0p11, 2.2.0b1", install_path: location );
  security_message( port: port, data: report );
  exit( 0 );
}

if( version_in_range_exclusive( version: version, test_version_lo: "2.2.0", test_version_up: "2.2.0b1" ) ) {
  report = report_fixed_ver( installed_version: version, fixed_version: "2.2.0b1", install_path: location );
  security_message( port: port, data: report );
  exit( 0 );
}

exit( 99 );