CVE-2023-6156

Description

Improper neutralization of livestatus command delimiters in the availability timeline in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15 allows arbitrary livestatus command execution for authorized users.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

High

Affected products

Checkmk GmbH / Checkmk2.2.0 – 2.2.0p15
Checkmk GmbH / Checkmk2.1.0 – 2.1.0p37
Checkmk GmbH / Checkmk2.0.0 – 2.0.0p39

References

MISChttps://checkmk.com/werk/16221