← Back

CVE-2024-28826

nvd nist
Published: May 29, 2024Modified: Jun 17, 2026

JSON object

Loading...
8.1
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Exploitability: 2.8 / Impact: 5.2
Source: NVD

Description

Improper restriction of local upload and download paths in check_sftp in Checkmk before 2.3.0p4, 2.2.0p27, 2.1.0p44, and in Checkmk 2.0.0 (EOL) allows attackers with sufficient permissions to configure the check to read and write local files on the Checkmk site server.

Affected (100)

Products: Checkmk: Checkmk
1 product
Checkmk
Configuration A
100 vulnerable
Vulnerable SoftwareAffected Versions
Checkmk
Up to 2.0.0
Version 2.1.0
Version 2.1.0 b1
Version 2.1.0 b2
Version 2.1.0 b3
Version 2.1.0 b4
Version 2.1.0 b5
Version 2.1.0 b6
Version 2.1.0 b7
Version 2.1.0 b8
Version 2.1.0 b9
Version 2.1.0 p10
Version 2.1.0 p11
Version 2.1.0 p12
Version 2.1.0 p13
Version 2.1.0 p14
Version 2.1.0 p15
Version 2.1.0 p16
Version 2.1.0 p17
Version 2.1.0 p18
Version 2.1.0 p19
Version 2.1.0 p1
Version 2.1.0 p20
Version 2.1.0 p21
Version 2.1.0 p22
Version 2.1.0 p23
Version 2.1.0 p24
Version 2.1.0 p25
Version 2.1.0 p26
Version 2.1.0 p27
Version 2.1.0 p28
Version 2.1.0 p29
Version 2.1.0 p2
Version 2.1.0 p30
Version 2.1.0 p31
Version 2.1.0 p32
Version 2.1.0 p33
Version 2.1.0 p34
Version 2.1.0 p35
Version 2.1.0 p36
Version 2.1.0 p37
Version 2.1.0 p38
Version 2.1.0 p39
Version 2.1.0 p3
Version 2.1.0 p40
Version 2.1.0 p41
Version 2.1.0 p42
Version 2.1.0 p43
Version 2.1.0 p4
Version 2.1.0 p5
Version 2.1.0 p6
Version 2.1.0 p7
Version 2.1.0 p8
Version 2.1.0 p9
Version 2.2.0
Version 2.2.0 b1
Version 2.2.0 b2
Version 2.2.0 b3
Version 2.2.0 b4
Version 2.2.0 b5
Version 2.2.0 b6
Version 2.2.0 b7
Version 2.2.0 b8
Version 2.2.0 i1
Version 2.2.0 p10
Version 2.2.0 p11
Version 2.2.0 p12
Version 2.2.0 p13
Version 2.2.0 p14
Version 2.2.0 p15
Version 2.2.0 p16
Version 2.2.0 p17
Version 2.2.0 p18
Version 2.2.0 p19
Version 2.2.0 p1
Version 2.2.0 p20
Version 2.2.0 p21
Version 2.2.0 p22
Version 2.2.0 p23
Version 2.2.0 p24
Version 2.2.0 p25
Version 2.2.0 p26
Version 2.2.0 p2
Version 2.2.0 p3
Version 2.2.0 p4
Version 2.2.0 p5
Version 2.2.0 p6
Version 2.2.0 p7
Version 2.2.0 p8
Version 2.2.0 p9
Version 2.3.0
Version 2.3.0 b1
Version 2.3.0 b2
Version 2.3.0 b3
Version 2.3.0 b4
Version 2.3.0 b5
Version 2.3.0 b6
Version 2.3.0 p1
Version 2.3.0 p2
Version 2.3.0 p3

References (2)

Source: security@checkmk.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.