Description
Check_MK before 1.2.8p26 mishandles certain errors within the failed-login save feature because of a race condition, which allows remote attackers to obtain sensitive user information by reading a GUI crash report.
Exploits (1)
exploitdb
WORKING POC
by Julien Ahrens · python · webapps · python
https://www.exploit-db.com/exploits/43021
Scores
CVSS v3: 5.9
EPSS: 0.1962
EPSS Percentile: 95.4%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE: CWE-362, CWE-200
Status: published
Products (6)
checkmk/checkmk 1.2.3 i6 (2 CPE variants)
checkmk/checkmk 1.2.4 b1
checkmk/checkmk 1.2.5 i1 (6 CPE variants)
checkmk/checkmk 1.2.6 b1 (3 CPE variants)
checkmk/checkmk 1.2.7 i1 (5 CPE variants)
checkmk/checkmk 1.2.8 p18 (2 CPE variants)
Published: Oct 02, 2017
Tracked Since: Feb 18, 2026