Werk #15065: Path-Traversal in MKP storing

Component Other components
Title Path-Traversal in MKP storing
Date 05.01.2023
Checkmk Edition Checkmk Enterprise (CEE)
Checkmk version 2.0.0p33 2.1.0p19 2.2.0b1
Level Minor change
Class Security fix
Compatibility Compatible - does not require manual intervention

Prior to this Werk, an authenticated user with admin rights could upload a malicious MKP, leading to the creation of a file at an attacker-controlled path.

We thank Niko Wenselowski (SVA) for reporting this issue.

Affected versions are:

  • 2.0.0 previous to this Werk
  • 2.1.0 previous to this Werk
  • 1.6.0 is not affected

Detection possibilities:

An audit log entry is written when an extension package is uploaded. You can look for an entry with "Uploaded extension package" followed by a package name and version containing sequences of "../".
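The following is an added example of that detection, not part of the Werk: it scans audit-log text for upload entries whose package name or version contains a "../" sequence. The line layout of the sample entries is constructed for illustration; the Werk does not describe the exact audit-log format, so adjust the regular expression to match your installation's log lines.

```python
import re

# Constructed sample audit-log lines (layout is an assumption, not the
# real Checkmk audit-log format). Lines 2 and 3 carry traversal sequences.
SAMPLE_AUDIT_LOG = """\
2023-01-05 10:00:01 admin Uploaded extension package agent_foo 1.2.3
2023-01-05 10:05:12 admin Uploaded extension package ../../../tmp/evil 1.0
2023-01-05 10:07:30 admin Uploaded extension package bar ../../etc/1.0
2023-01-05 10:09:00 admin Activated changes
"""

# Matches the message named in the Werk, capturing package name and version.
UPLOAD_RE = re.compile(
    r"Uploaded extension package\s+(?P<name>\S+)\s+(?P<version>\S+)"
)


def is_traversal(value):
    """True if the value contains a '../' sequence (the indicator in the Werk)."""
    return "../" in value


def find_suspicious_uploads(log_text):
    """Return (line_no, name, version) for every upload entry whose package
    name or version contains a '../' sequence."""
    hits = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        m = UPLOAD_RE.search(line)
        if not m:
            continue
        name, version = m.group("name"), m.group("version")
        if is_traversal(name) or is_traversal(version):
            hits.append((line_no, name, version))
    return hits


if __name__ == "__main__":
    for line_no, name, version in find_suspicious_uploads(SAMPLE_AUDIT_LOG):
        print(f"line {line_no}: suspicious MKP upload name={name!r} version={version!r}")
```

Run it against the real audit log by reading the file into `find_suspicious_uploads` instead of the constructed sample.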

Vulnerability Management:

We have rated the issue with a CVSS Score of 3.5 (low) with the following CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L.

We assigned CVE-2022-4884 to this vulnerability.
