Lucene search

GoogleOSV:CVE-2023-0284

HistoryJan 26, 2023 - 9:18 p.m.

CVE-2023-0284

2023-01-2621:18:07

Google

osv.dev

improper input validation

ldap user ids

tribe29 checkmk

attackers

server files

software security

cve-2023-0284

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

33.4%

JSON

Improper Input Validation of LDAP user IDs in Tribe29 Checkmk allows attackers that can control LDAP user IDs to manipulate files on the server. Checkmk <= 2.1.0p19, Checkmk <= 2.0.0p32, and all versions of Checkmk 1.6.0 (EOL) are affected.

References

checkmk.com/werk/15181

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

33.4%

JSON

Related for OSV:CVE-2023-0284