CVE-2023-31210

EUVD-2023-35525
Usage of user controlled LD_LIBRARY_PATH in agent in Checkmk 2.2.0p10 up to 2.2.0p16 allows malicious Checkmk site user to escalate rights via injection of malicious libraries
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CheckmkCNA
8.8 HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 31%
Affected Products (NVD)
VendorProductVersion
checkmkcheckmk
2.2.0:p10
checkmkcheckmk
2.2.0:p11
checkmkcheckmk
2.2.0:p12
checkmkcheckmk
2.2.0:p13
checkmkcheckmk
2.2.0:p14
checkmkcheckmk
2.2.0:p15
checkmkcheckmk
2.2.0:p16
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
check-mk
bionic
needs-triage
focal
dne
jammy
dne
noble
dne
oracular
dne
xenial
needs-triage
Common Weakness Enumeration
References
https://checkmk.com/werk/16226
https://checkmk.com/werk/16226