CVSS2
Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |
Vector | AV:N/AC:M/Au:N/C:P/I:N/A:N |

CVSS3
Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | HIGH |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | NONE |
Availability Impact | NONE |
Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |

EPSS
Metric | Value |
---|---|
Percentile | 87.0% |

Check_MK before 1.2.8p26 mishandles certain errors within the failed-login
save feature because of a race condition, which allows remote attackers to
obtain sensitive user information by reading a GUI crash report.
Author | Note |
---|---|
0xnishit | fix 1.2.8p26: https://github.com/tribe29/checkmk/commit/5ac2dd84a1ae62140191fc0f5508b29b2631b74d |
git.mathias-kettner.de/git/?p=check_mk.git;a=commitdiff;h=a4a2cc1f30ff6032899ca80eed29fa26b8898c54
mathias-kettner.com/check_mk_werks.php?edition_id=raw&branch=1.2.8
launchpad.net/bugs/cve/CVE-2017-14955
mathias-kettner.de/check_mk_werks.php?werk_id=5208&HTML=yes
nvd.nist.gov/vuln/detail/CVE-2017-14955
security-tracker.debian.org/tracker/CVE-2017-14955
ubuntu.com/security/notices/USN-5527-1
www.cve.org/CVERecord?id=CVE-2017-14955