CVE-2023-0284
MEDIUMTribe29 Checkmk <2.1.0p19, <2.0.0p32, <=1.6.0 - Info Disclosure
Title source: llmDescription
Improper Input Validation of LDAP user IDs in Tribe29 Checkmk allows attackers that can control LDAP user IDs to manipulate files on the server. Checkmk <= 2.1.0p19, Checkmk <= 2.0.0p32, and all versions of Checkmk 1.6.0 (EOL) are affected.
References (1)
Core 1
Core References
Vendor Advisory
https://checkmk.com/werk/15181
Scores
CVSS v3
6.8
EPSS
0.0092
EPSS Percentile
55.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-20
Status
published
Products (2)
checkmk/checkmk
2.0.0 (42 CPE variants)
checkmk/checkmk
2.1.0 b1 (8 CPE variants)
Published
Jan 26, 2023
Tracked Since
Feb 18, 2026