CVE-2022-46836

Опубликовано: 20 фев. 2023

Источник: nvd

CVSS3: 9.1

CVSS3: 8.8

EPSS Низкий

Описание

PHP code injection in watolib auth.php and hosttags.php in Tribe29's Checkmk <= 2.1.0p10, Checkmk <= 2.0.0p27, and Checkmk <= 1.6.0p29 allows an attacker to inject and execute PHP code which will be executed upon request of the vulnerable component.

Ссылки

https://checkmk.com/werk/14383
Vendor Advisory
https://www.sonarsource.com/blog/checkmk-rce-chain-3/
Exploit
Third Party Advisory
https://checkmk.com/werk/14383
Vendor Advisory
https://www.sonarsource.com/blog/checkmk-rce-chain-3/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:checkmk:checkmk:2.1.0:-:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:b1:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:b2:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:b3:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:b4:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:b5:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:b6:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:b7:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:b8:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:b9:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p1:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p10:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p2:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p3:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p4:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p5:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p6:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p7:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p8:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p9:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:checkmk:checkmk:2.0.0:-:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:b1:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:b2:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:b3:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:b4:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:b5:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:b6:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:b7:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:b8:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:i1:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:p1:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:p10:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:p11:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:p12:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:p13:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:p14:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:p15:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:p16:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:p17:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:p18:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:p19:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:p2:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:p20:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:p21:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:p22:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:p23:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:p24:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:p25:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:p26:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:p27:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:p3:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:p4:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:p5:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:p6:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:p7:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:p8:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:p9:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:a:checkmk:checkmk:1.6.0:-:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:1.6.0:b1:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:1.6.0:b10:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:1.6.0:b11:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:1.6.0:b12:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:1.6.0:b2:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:1.6.0:b3:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:1.6.0:b4:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:1.6.0:b5:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:1.6.0:b6:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:1.6.0:b7:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:1.6.0:b8:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:1.6.0:b9:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:1.6.0:p1:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:1.6.0:p10:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:1.6.0:p11:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:1.6.0:p12:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:1.6.0:p13:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:1.6.0:p14:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:1.6.0:p15:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:1.6.0:p16:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:1.6.0:p17:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:1.6.0:p18:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:1.6.0:p19:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:1.6.0:p2:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:1.6.0:p20:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:1.6.0:p21:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:1.6.0:p22:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:1.6.0:p23:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:1.6.0:p24:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:1.6.0:p25:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:1.6.0:p26:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:1.6.0:p27:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:1.6.0:p28:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:1.6.0:p29:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:1.6.0:p3:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:1.6.0:p4:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:1.6.0:p5:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:1.6.0:p6:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:1.6.0:p7:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:1.6.0:p8:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:1.6.0:p9:*:*:*:*:*:*

EPSS

Процентиль: 74%

0.00796

Низкий

9.1 Critical

CVSS3

8.8 High

CVSS3

Дефекты

CWE-20

CWE-94

Связанные уязвимости

CVE-2022-46836

CVSS3: 9.1

ubuntu

почти 3 года назад

CVE-2022-46836

CVSS3: 9.1

debian

почти 3 года назад

PHP code injection in watolib auth.php and hosttags.php in Tribe29's C ...

GHSA-h9m9-95j2-cpmj

CVSS3: 8.8

github

почти 3 года назад

EPSS

Процентиль: 74%

0.00796

Низкий

9.1 Critical

CVSS3

8.8 High

CVSS3

Дефекты

CWE-20

CWE-94