Werk #15065: Path-Traversal in MKP storing
| Component | Other components | ||||||
| Title | Path-Traversal in MKP storing | ||||||
| Date | Jan 5, 2023 | ||||||
| Level | Trivial Change | ||||||
| Class | Security Fix | ||||||
| Compatibility | Compatible - no manual interaction needed | ||||||
| Checkmk versions & editions |
|
Previous to this Werk it was possible that an authenticated user with admin rights uploads a malicious MKP leading to a file creation with an attacker controlled path.
We thank Niko Wenselowski (SVA) for reporting this issue.
Affected versions are:
- 2.0.0 previous to this Werk
- 2.1.0 previous to this Werk
- 1.6.0 is not affected
Detection possibilities:
A audit log is written when an extension package is uploaded. You can look for a entry with Uploaded extension package follwed by a package name and version containing sequences of ../.
Vulnerability Management:
We have rated the issue with a CVSS Score of 3.5 (low) with the following CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L.
We assigned CVE-2022-4884 to this vulnerability.