Lucene search

Ubuntu.comUB:CVE-2023-6156

HistoryNov 22, 2023 - 12:00 a.m.

CVE-2023-6156

2023-11-2200:00:00

ubuntu.com

cve-2023-6156

checkmk

livestatus

command execution

authorized users

unix

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

High

EPSS

0.001

Percentile

21.8%

JSON

Improper neutralization of livestatus command delimiters in the
availability timeline in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15
allows arbitrary livestatus command execution for authorized users.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchcheck-mk< anyUNKNOWN
ubuntu16.04noarchcheck-mk< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	check-mk	< any	UNKNOWN
ubuntu	16.04	noarch	check-mk	< any	UNKNOWN

References

checkmk.com/werk/16221

launchpad.net/bugs/cve/CVE-2023-6156

nvd.nist.gov/vuln/detail/CVE-2023-6156

security-tracker.debian.org/tracker/CVE-2023-6156

www.cve.org/CVERecord?id=CVE-2023-6156

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

High

EPSS

0.001

Percentile

21.8%

JSON

Related for UB:CVE-2023-6156