CVE-2022-31258

HIGH

Checkmk <2.1.0b10 - Privilege Escalation

Title source: llm

Description

In Checkmk before 1.6.0p29, 2.x before 2.0.0p25, and 2.1.x before 2.1.0b10, a site user can escalate to root by editing an OMD hook symlink.

References (2)

Core References
Vendor Advisory (x_refsource_misc): https://checkmk.com/werk/13902
Release Notes, Vendor Advisory (x_refsource_misc): https://forum.checkmk.com/c/announcements/18

Scores

CVSS v3: 8.2
EPSS: 0.0039
EPSS Percentile: 30.6%
Attack Vector: LOCAL
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Details

CWE: CWE-59
Status: published
Products (2):
checkmk/checkmk 1.6.0 b1 (33 CPE variants)
checkmk/checkmk 2.0.0 (17 CPE variants)
Published: May 20, 2022
Tracked Since: Feb 18, 2026