CVE-2024-1742

Invocation of the sqlplus command with sensitive information in the command line in the mk_oracle Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows the extraction of this information from the process list.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.8 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
CheckmkCNA
3.8 LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 33%
VendorProductVersion
checkmkcheckmk
2.3.0b4 <
𝑥
< 2.3.0b4
checkmkcheckmk
2.2.0p24 <
𝑥
< 2.2.0p24
checkmkcheckmk
2.1.0p41 <
𝑥
< 2.1.0p41
checkmkcheckmk
2.0.0p39 <
𝑥
< 2.0.0p39
checkmkcheckmk
𝑥
≤ 2.0.0
checkmkcheckmk
2.1.0
checkmkcheckmk
2.1.0:b1
checkmkcheckmk
2.1.0:b2
checkmkcheckmk
2.1.0:b3
checkmkcheckmk
2.1.0:b4
checkmkcheckmk
2.1.0:b5
checkmkcheckmk
2.1.0:b6
checkmkcheckmk
2.1.0:b7
checkmkcheckmk
2.1.0:b8
checkmkcheckmk
2.1.0:b9
checkmkcheckmk
2.1.0:p1
checkmkcheckmk
2.1.0:p10
checkmkcheckmk
2.1.0:p11
checkmkcheckmk
2.1.0:p12
checkmkcheckmk
2.1.0:p13
checkmkcheckmk
2.1.0:p14
checkmkcheckmk
2.1.0:p15
checkmkcheckmk
2.1.0:p16
checkmkcheckmk
2.1.0:p17
checkmkcheckmk
2.1.0:p18
checkmkcheckmk
2.1.0:p19
checkmkcheckmk
2.1.0:p2
checkmkcheckmk
2.1.0:p20
checkmkcheckmk
2.1.0:p21
checkmkcheckmk
2.1.0:p22
checkmkcheckmk
2.1.0:p23
checkmkcheckmk
2.1.0:p24
checkmkcheckmk
2.1.0:p25
checkmkcheckmk
2.1.0:p26
checkmkcheckmk
2.1.0:p27
checkmkcheckmk
2.1.0:p28
checkmkcheckmk
2.1.0:p29
checkmkcheckmk
2.1.0:p3
checkmkcheckmk
2.1.0:p30
checkmkcheckmk
2.1.0:p31
checkmkcheckmk
2.1.0:p32
checkmkcheckmk
2.1.0:p33
checkmkcheckmk
2.1.0:p34
checkmkcheckmk
2.1.0:p35
checkmkcheckmk
2.1.0:p36
checkmkcheckmk
2.1.0:p37
checkmkcheckmk
2.1.0:p38
checkmkcheckmk
2.1.0:p39
checkmkcheckmk
2.1.0:p4
checkmkcheckmk
2.1.0:p40
checkmkcheckmk
2.1.0:p5
checkmkcheckmk
2.1.0:p6
checkmkcheckmk
2.1.0:p7
checkmkcheckmk
2.1.0:p8
checkmkcheckmk
2.1.0:p9
checkmkcheckmk
2.2.0
checkmkcheckmk
2.2.0:b1
checkmkcheckmk
2.2.0:b2
checkmkcheckmk
2.2.0:b3
checkmkcheckmk
2.2.0:b4
checkmkcheckmk
2.2.0:b5
checkmkcheckmk
2.2.0:b6
checkmkcheckmk
2.2.0:b7
checkmkcheckmk
2.2.0:b8
checkmkcheckmk
2.2.0:i1
checkmkcheckmk
2.2.0:p1
checkmkcheckmk
2.2.0:p10
checkmkcheckmk
2.2.0:p11
checkmkcheckmk
2.2.0:p12
checkmkcheckmk
2.2.0:p13
checkmkcheckmk
2.2.0:p14
checkmkcheckmk
2.2.0:p15
checkmkcheckmk
2.2.0:p16
checkmkcheckmk
2.2.0:p17
checkmkcheckmk
2.2.0:p18
checkmkcheckmk
2.2.0:p19
checkmkcheckmk
2.2.0:p2
checkmkcheckmk
2.2.0:p20
checkmkcheckmk
2.2.0:p21
checkmkcheckmk
2.2.0:p22
checkmkcheckmk
2.2.0:p23
checkmkcheckmk
2.2.0:p3
checkmkcheckmk
2.2.0:p4
checkmkcheckmk
2.2.0:p5
checkmkcheckmk
2.2.0:p6
checkmkcheckmk
2.2.0:p7
checkmkcheckmk
2.2.0:p8
checkmkcheckmk
2.2.0:p9
checkmkcheckmk
2.3.0:b1
checkmkcheckmk
2.3.0:b2
checkmkcheckmk
2.3.0:b3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://checkmk.com/werk/16234
https://checkmk.com/werk/16234