Usage of user controlled LDLIBRARYPATH in agent in Checkmk 2.2.0p10 up to 2.2.0p16 allows malicious Checkmk site user to escalate rights via injection of malicious libraries
{
"unresolved_ranges": [
{
"source": "AFFECTED_FIELD",
"extracted_events": [
{
"introduced": "2.2.0p10"
},
{
"fixed": "2.2.0p17"
}
]
}
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/31xxx/CVE-2023-31210.json",
"cna_assigner": "Checkmk",
"cwe_ids": [
"CWE-427"
]
}{
"source": "CPE_STRING",
"cpe": [
"cpe:2.3:a:checkmk:checkmk:2.2.0:p10:*:*:*:*:*:*",
"cpe:2.3:a:checkmk:checkmk:2.2.0:p11:*:*:*:*:*:*",
"cpe:2.3:a:checkmk:checkmk:2.2.0:p12:*:*:*:*:*:*",
"cpe:2.3:a:checkmk:checkmk:2.2.0:p13:*:*:*:*:*:*",
"cpe:2.3:a:checkmk:checkmk:2.2.0:p14:*:*:*:*:*:*",
"cpe:2.3:a:checkmk:checkmk:2.2.0:p15:*:*:*:*:*:*",
"cpe:2.3:a:checkmk:checkmk:2.2.0:p16:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "2.2.0-p10"
},
{
"last_affected": "2.2.0-p10"
},
{
"introduced": "2.2.0-p11"
},
{
"last_affected": "2.2.0-p11"
},
{
"introduced": "2.2.0-p12"
},
{
"last_affected": "2.2.0-p12"
},
{
"introduced": "2.2.0-p13"
},
{
"last_affected": "2.2.0-p13"
},
{
"introduced": "2.2.0-p14"
},
{
"last_affected": "2.2.0-p14"
},
{
"introduced": "2.2.0-p15"
},
{
"last_affected": "2.2.0-p15"
},
{
"introduced": "2.2.0-p16"
},
{
"last_affected": "2.2.0-p16"
}
]
}