Description
Improper neutralization of livestatus command delimiters in the availability timeline in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15 allows arbitrary livestatus command execution for authorized users.
Analysis
Analysis and contextual insights are available on OpenCVE Cloud.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Checkmk GmbH | Checkmk | unaffected |
|
Configuration 1 [-]
|
No data.
No data available yet.
Remediation
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2023-58406 | Improper neutralization of livestatus command delimiters in the availability timeline in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15 allows arbitrary livestatus command execution for authorized users. |
References
| Link | Providers |
|---|---|
| https://checkmk.com/werk/16221 |
|
History
No history.
MITRE
Status: PUBLISHED
Assigner: Checkmk
Published:
Updated: 2024-08-02T08:21:17.614Z
Reserved: 2023-11-15T16:38:31.845Z
Link: CVE-2023-6156
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-11-22T17:15:22.537
Modified: 2024-11-21T08:43:16.090
Link: CVE-2023-6156
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses