CVE-2023-31208
17.05.2023, 09:15
Improper neutralization of livestatus command delimiters in the RestAPI in Checkmk < 2.0.0p36, < 2.1.0p28, and < 2.2.0b8 (beta) allows arbitrary livestatus command execution for authorized users.
| Vendor | Product | Version |
|---|---|---|
| checkmk | checkmk | 2.0.0 |
| checkmk | checkmk | 2.0.0:b1 |
| checkmk | checkmk | 2.0.0:b2 |
| checkmk | checkmk | 2.0.0:b3 |
| checkmk | checkmk | 2.0.0:b4 |
| checkmk | checkmk | 2.0.0:b5 |
| checkmk | checkmk | 2.0.0:b6 |
| checkmk | checkmk | 2.0.0:b7 |
| checkmk | checkmk | 2.0.0:b8 |
| checkmk | checkmk | 2.0.0:i1 |
| checkmk | checkmk | 2.0.0:p1 |
| checkmk | checkmk | 2.0.0:p10 |
| checkmk | checkmk | 2.0.0:p11 |
| checkmk | checkmk | 2.0.0:p12 |
| checkmk | checkmk | 2.0.0:p13 |
| checkmk | checkmk | 2.0.0:p14 |
| checkmk | checkmk | 2.0.0:p15 |
| checkmk | checkmk | 2.0.0:p16 |
| checkmk | checkmk | 2.0.0:p17 |
| checkmk | checkmk | 2.0.0:p18 |
| checkmk | checkmk | 2.0.0:p19 |
| checkmk | checkmk | 2.0.0:p2 |
| checkmk | checkmk | 2.0.0:p20 |
| checkmk | checkmk | 2.0.0:p21 |
| checkmk | checkmk | 2.0.0:p22 |
| checkmk | checkmk | 2.0.0:p23 |
| checkmk | checkmk | 2.0.0:p24 |
| checkmk | checkmk | 2.0.0:p25 |
| checkmk | checkmk | 2.0.0:p26 |
| checkmk | checkmk | 2.0.0:p27 |
| checkmk | checkmk | 2.0.0:p28 |
| checkmk | checkmk | 2.0.0:p29 |
| checkmk | checkmk | 2.0.0:p3 |
| checkmk | checkmk | 2.0.0:p30 |
| checkmk | checkmk | 2.0.0:p31 |
| checkmk | checkmk | 2.0.0:p32 |
| checkmk | checkmk | 2.0.0:p33 |
| checkmk | checkmk | 2.0.0:p34 |
| checkmk | checkmk | 2.0.0:p35 |
| checkmk | checkmk | 2.0.0:p4 |
| checkmk | checkmk | 2.0.0:p5 |
| checkmk | checkmk | 2.0.0:p6 |
| checkmk | checkmk | 2.0.0:p7 |
| checkmk | checkmk | 2.0.0:p8 |
| checkmk | checkmk | 2.0.0:p9 |
| checkmk | checkmk | 2.1.0 |
| checkmk | checkmk | 2.1.0:b1 |
| checkmk | checkmk | 2.1.0:b2 |
| checkmk | checkmk | 2.1.0:b3 |
| checkmk | checkmk | 2.1.0:b4 |
| checkmk | checkmk | 2.1.0:b5 |
| checkmk | checkmk | 2.1.0:b6 |
| checkmk | checkmk | 2.1.0:b7 |
| checkmk | checkmk | 2.1.0:b8 |
| checkmk | checkmk | 2.1.0:b9 |
| checkmk | checkmk | 2.1.0:p1 |
| checkmk | checkmk | 2.1.0:p10 |
| checkmk | checkmk | 2.1.0:p11 |
| checkmk | checkmk | 2.1.0:p12 |
| checkmk | checkmk | 2.1.0:p13 |
| checkmk | checkmk | 2.1.0:p14 |
| checkmk | checkmk | 2.1.0:p15 |
| checkmk | checkmk | 2.1.0:p16 |
| checkmk | checkmk | 2.1.0:p17 |
| checkmk | checkmk | 2.1.0:p18 |
| checkmk | checkmk | 2.1.0:p2 |
| checkmk | checkmk | 2.1.0:p20 |
| checkmk | checkmk | 2.1.0:p21 |
| checkmk | checkmk | 2.1.0:p22 |
| checkmk | checkmk | 2.1.0:p23 |
| checkmk | checkmk | 2.1.0:p24 |
| checkmk | checkmk | 2.1.0:p25 |
| checkmk | checkmk | 2.1.0:p26 |
| checkmk | checkmk | 2.1.0:p27 |
| checkmk | checkmk | 2.1.0:p3 |
| checkmk | checkmk | 2.1.0:p4 |
| checkmk | checkmk | 2.1.0:p5 |
| checkmk | checkmk | 2.1.0:p6 |
| checkmk | checkmk | 2.1.0:p7 |
| checkmk | checkmk | 2.1.0:p8 |
| checkmk | checkmk | 2.1.0:p9 |
| checkmk | checkmk | 2.2.0:b1 |
| checkmk | checkmk | 2.2.0:b2 |
| checkmk | checkmk | 2.2.0:b3 |
| checkmk | checkmk | 2.2.0:b4 |
| checkmk | checkmk | 2.2.0:b5 |
| checkmk | checkmk | 2.2.0:b6 |
| checkmk | checkmk | 2.2.0:b7 |
| checkmk | checkmk | 2.2.0:i1 |
| tribe29 | checkmk | 𝑥 < 2.0.0 |
𝑥
= Vulnerable software versions
Ubuntu Releases
Common Weakness Enumeration
- CWE-140 - Improper Neutralization of DelimitersThe software does not neutralize or incorrectly neutralizes delimiters.
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.