Description
Broad access controls could allow site users to directly interact with the system Apache installation when providing the reverse proxy configurations for Tribe29's Checkmk <= 2.1.0p6, Checkmk <= 2.0.0p27, and all versions of Checkmk 1.6.0 (EOL) allowing an attacker to perform remote code execution with root privileges on the underlying host.
Analysis
Analysis and contextual insights are available on OpenCVE Cloud.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Tribe29 | Checkmk | unaffected |
|
Configuration 1 [-]
|
No data.
No data available yet.
Remediation
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2022-49119 | Broad access controls could allow site users to directly interact with the system Apache installation when providing the reverse proxy configurations for Tribe29's Checkmk <= 2.1.0p6, Checkmk <= 2.0.0p27, and all versions of Checkmk 1.6.0 (EOL) allowing an attacker to perform remote code execution with root privileges on the underlying host. |
References
| Link | Providers |
|---|---|
| https://checkmk.com/werk/14281 |
|
History
Wed, 05 Feb 2025 14:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: Tribe29
Published:
Updated: 2025-02-04T21:43:19.638Z
Reserved: 2023-01-18T15:49:58.114Z
Link: CVE-2022-46302
Vulnrichment
Updated: 2024-08-03T14:31:46.402Z
NVD
Status : Modified
Published: 2023-04-20T14:15:08.177
Modified: 2024-11-21T07:30:20.527
Link: CVE-2022-46302
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses