CVE-2014-2330
Check_MK < 1.2.5i2 - Cross-Site Request Forgery in Multisite GUI
Title source: llmDescription
Multiple cross-site request forgery (CSRF) vulnerabilities in the Multisite GUI in Check_MK before 1.2.5i2 allow remote attackers to hijack the authentication of users for requests that (1) upload arbitrary snapshots, (2) delete arbitrary files, or possibly have other unspecified impact via unknown vectors.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
http://mathias-kettner.de/check_mk_werks.php?werk_id=0766
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/531594
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/66389
Scores
EPSS
0.0114
EPSS Percentile
62.8%
Details
CWE
CWE-352
Status
published
Products (1)
check_mk_project/check_mk
< 1.2.2
Published
Aug 31, 2015
Tracked Since
Feb 18, 2026