CVE-2023-6287
27.11.2023, 14:15
Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance before 1.6.8 allows local attacker to retrieve passwords via reading log files.Enginsight
| Vendor | Product | Version |
|---|---|---|
| tribe29 | checkmk_appliance_firmware | 𝑥 < 1.6.8 |
𝑥
= Vulnerable software versions
Ubuntu Releases
Common Weakness Enumeration
- CWE-598 - Use of GET Request Method With Sensitive Query StringsThe web application uses the HTTP GET method to process a request and includes sensitive information in the query string of that request.
- CWE-532 - Insertion of Sensitive Information into Log FileInformation written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.