CVE-2023-31210

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-31210
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-31210.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-31210
Downstream
Published
2023-12-13T09:15:34.080Z
Modified
2026-04-10T04:57:36.019122Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Usage of user controlled LDLIBRARYPATH in agent in Checkmk 2.2.0p10 up to 2.2.0p16 allows malicious Checkmk site user to escalate rights via injection of malicious libraries

References

Affected packages

Git / github.com/checkmk/checkmk

Affected ranges

Type
GIT
Repo
https://github.com/checkmk/checkmk
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
324bd38f5b76f73f236e495af0c9228b65d15528
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
0d2681c53226611c965c0d94ff233e497b5a4317
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
5cf0476d6b0cba20b3aafb01b187c63a9fda92bd
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
5554a04b2c158ae9b0e01ef1b591fe3702ea5ac0
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
eda43696c54223b7b5fdcf3f4c3a44ab841061fe
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
e5861f0cab1099a17d23657c9ed1054590f5c769
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
4cbff4e1a0ac90dc4d91939fc63184a0fcc0c3da
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.2.0-p10"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.2.0-p11"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.2.0-p12"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.2.0-p13"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.2.0-p14"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.2.0-p15"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.2.0-p16"
        }
    ]
}

Affected versions

1.*
1.1.0beta17
v1.*
v1.1.0
v1.1.10
v1.1.10b1
v1.1.10b2
v1.1.11i1
v1.1.11i2
v1.1.11i3
v1.1.13i2
v1.1.13i3
v1.1.2
v1.1.3
v1.1.4
v1.1.6
v1.1.6b2
v1.1.7i2
v1.1.7i3
v1.1.7i4
v1.1.7i5
v1.1.8
v1.1.8b1
v1.1.8b2
v1.1.8b3
v1.1.9i1
v1.1.9i3
v1.1.9i4
v1.1.9i5
v1.1.9i7
v1.1.9i8
v1.1.9i9
v1.2.0b2
v1.2.0b3
v1.2.0b4
v1.2.0p1
v1.2.1i5
v1.2.3i4
v1.2.3i5
v1.2.3i6
v1.2.5i1
v1.2.5i6
v1.4.0i1
v1.4.0i2
v1.4.0i3
v1.5.0i1
v1.5.0i2
v1.5.0i3
v1.6.0b1
v2.*
v2.0.0i1
v2.2.0
v2.2.0-rc1
v2.2.0b1
v2.2.0b1-rc1
v2.2.0b1-rc2
v2.2.0b2
v2.2.0b2-rc1
v2.2.0b3
v2.2.0b3-rc1
v2.2.0b4
v2.2.0b4-rc1
v2.2.0b5
v2.2.0b5-rc1
v2.2.0b5-rc2
v2.2.0b6
v2.2.0b6-rc1
v2.2.0b7
v2.2.0b7-rc1
v2.2.0b8
v2.2.0b8-rc1
v2.2.0p1
v2.2.0p1-rc1
v2.2.0p10
v2.2.0p10-rc1
v2.2.0p11
v2.2.0p11-rc1
v2.2.0p12
v2.2.0p12-rc1
v2.2.0p13
v2.2.0p13-rc1
v2.2.0p13-rc2
v2.2.0p14
v2.2.0p14-rc1
v2.2.0p14-rc2
v2.2.0p15
v2.2.0p15-rc1
v2.2.0p15-rc2
v2.2.0p16
v2.2.0p16-rc1
v2.2.0p16-rc2
v2.2.0p16-rc3
v2.2.0p2
v2.2.0p2-rc1
v2.2.0p3
v2.2.0p3-rc1
v2.2.0p4
v2.2.0p4-rc1
v2.2.0p4-rc2
v2.2.0p5
v2.2.0p5-rc1
v2.2.0p6
v2.2.0p6-rc1
v2.2.0p6-rc2
v2.2.0p6-rc3
v2.2.0p7
v2.2.0p7-rc1
v2.2.0p8
v2.2.0p8-rc1
v2.2.0p8-rc2
v2.2.0p9
v2.2.0p9-rc1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-31210.json"