
Checkmk 2.0.x < 2.0.0p29, 2.1.x < 2.1.0p12, 2.2.x < 2.2.0b1 Improper Input Validation Vulnerability CVE-2022-47909

Severity
CVSSv3 Score: 7.8
Vulnerability description

Checkmk is prone to an improper input validation vulnerability.

Risk description

Livestatus Query Language (LQL) injection in the AuthUser HTTP query header allows an attacker to perform direct queries to the application's core from localhost.

Recommendation

Update to version 2.0.0p29, 2.1.0p12, 2.2.0b1 or later.

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Feb 20, 2023
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available