CVE-2017-14955

Check_MK before 1.2.8p26 mishandles certain errors within the failed-login save feature because of a race condition, which allows remote attackers to obtain sensitive user information by reading a GUI crash report.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
VendorProductVersion
checkmkcheckmk
1.2.3:i6
checkmkcheckmk
1.2.3:i7
checkmkcheckmk
1.2.4:b1
checkmkcheckmk
1.2.5:i1
checkmkcheckmk
1.2.5:i2
checkmkcheckmk
1.2.5:i3
checkmkcheckmk
1.2.5:i4
checkmkcheckmk
1.2.5:i5
checkmkcheckmk
1.2.5:i6
checkmkcheckmk
1.2.6:b1
checkmkcheckmk
1.2.6:b2
checkmkcheckmk
1.2.6:p13
checkmkcheckmk
1.2.7:i1
checkmkcheckmk
1.2.7:i1p2
checkmkcheckmk
1.2.7:i2
checkmkcheckmk
1.2.7:i3
checkmkcheckmk
1.2.7:i4
checkmkcheckmk
1.2.8:p18
checkmkcheckmk
1.2.8:p25
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
check-mk
jammy
dne
impish
dne
hirsute
dne
groovy
dne
focal
dne
eoan
ignored
disco
ignored
cosmic
ignored
bionic
Fixed 1.2.8p16-1ubuntu0.2
released
artful
ignored
zesty
ignored
xenial
Fixed 1.2.6p12-1ubuntu0.16.04.1+esm1
released
trusty
dne
Common Weakness Enumeration
References
http://mathias-kettner.com/check_mk_werks.php?edition_id=raw&branch=1.2.8
https://mathias-kettner.de/check_mk_werks.php?werk_id=5208&HTML=yes
https://www.exploit-db.com/exploits/43021/
http://mathias-kettner.com/check_mk_werks.php?edition_id=raw&branch=1.2.8
https://mathias-kettner.de/check_mk_werks.php?werk_id=5208&HTML=yes
https://www.exploit-db.com/exploits/43021/