CVE-2014-2330

Check_MK < 1.2.5i2 - Cross-Site Request Forgery in Multisite GUI

Title source: llm
STIX 2.1

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the Multisite GUI in Check_MK before 1.2.5i2 allow remote attackers to hijack the authentication of users for requests that (1) upload arbitrary snapshots, (2) delete arbitrary files, or possibly have other unspecified impact via unknown vectors.

References (3)

Core 3
Core References
Vendor Advisory x_refsource_confirm
http://mathias-kettner.de/check_mk_werks.php?werk_id=0766
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/531594
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/66389

Scores

EPSS 0.0114
EPSS Percentile 62.8%

Details

CWE
CWE-352
Status published
Products (1)
check_mk_project/check_mk < 1.2.2
Published Aug 31, 2015
Tracked Since Feb 18, 2026