CVE-2023-22307

MEDIUM

Tribe29 Checkmk Appliance <1.6.4 - Info Disclosure

Title source: llm

Description

Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance before 1.6.4 allows local attacker to retrieve passwords via reading log files.

References (1)

Scores

CVSS v3 5.5
EPSS 0.0005
EPSS Percentile 15.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE
CWE-200 CWE-598 CWE-668
Status published

Affected Products (1)

tribe29/checkmk_appliance_firmware < 1.6.4

Timeline

Published Apr 18, 2023
Tracked Since Feb 18, 2026