Checkmk 2.1.x < 2.1.0p12, 2.2.x < 2.2.0b1 SSRF Vulnerability

2023-02-2200:00:00

plugins.openvas.org

vulnerability

checkmk

ssrf

server-side request forgery

greenbone ag

cve-2022-48321

update

version 2.1.0p12

version 2.2.0b1

web application abuses

CVSS3

6.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

AI Score

5.3

Confidence

High

EPSS

Percentile

13.5%

JSON

Checkmk is prone to a server-side request forgery (SSRF)
vulnerability.

# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:check_mk_project:check_mk";

if (description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.126358");
  script_version("2024-06-27T05:05:29+0000");
  script_tag(name:"last_modification", value:"2024-06-27 05:05:29 +0000 (Thu, 27 Jun 2024)");
  script_tag(name:"creation_date", value:"2023-02-22 10:31:26 +0000 (Wed, 22 Feb 2023)");
  script_tag(name:"cvss_base", value:"1.7");
  script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:S/C:P/I:N/A:N");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2024-01-09 02:10:00 +0000 (Tue, 09 Jan 2024)");

  script_cve_id("CVE-2022-48321");

  script_tag(name:"qod_type", value:"remote_banner");

  script_tag(name:"solution_type", value:"VendorFix");

  script_name("Checkmk 2.1.x < 2.1.0p12, 2.2.x < 2.2.0b1 SSRF Vulnerability");

  script_category(ACT_GATHER_INFO);

  script_copyright("Copyright (C) 2023 Greenbone AG");
  script_family("Web application abuses");
  script_dependencies("gb_check_mk_web_detect.nasl");
  script_mandatory_keys("check_mk/detected");

  script_tag(name:"summary", value:"Checkmk is prone to a server-side request forgery (SSRF)
  vulnerability.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"Server-Side Request Forgery (SSRF) in agent-receiver allows an
  attacker to communicate with local network restricted endpoints by use of the host registration
  API.");

  script_tag(name:"affected", value:"Checkmk versions 2.1.x prior to 2.1.0p12 and 2.2.x prior to
  2.2.0b1.");

  script_tag(name:"solution", value:"Update to version 2.1.0p12, 2.2.0b1 or later.");

  script_xref(name:"URL", value:"https://checkmk.com/werk/14385");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if( ! port = get_app_port( cpe: CPE, service: "www" ) )
  exit( 0 );

if( ! infos = get_app_version_and_location( cpe: CPE, port: port, exit_no_version: TRUE ) )
  exit( 0 );

version = infos["version"];
location = infos["location"];

if( version_in_range_exclusive( version: version, test_version_lo: "2.1.0", test_version_up: "2.1.0p12" ) ) {
  report = report_fixed_ver( installed_version: version, fixed_version: "2.1.0p12, 2.2.0b1", install_path: location );
  security_message( port: port, data: report );
  exit( 0 );
}

if( version_in_range_exclusive( version: version, test_version_lo: "2.2.0", test_version_up: "2.2.0b1" ) ) {
  report = report_fixed_ver( installed_version: version, fixed_version: "2.2.0b1", install_path: location );
  security_message( port: port, data: report );
  exit( 0 );
}

exit( 99 );