CVE-2023-22288

Опубликовано: 20 мар. 2023

Источник: nvd

CVSS3: 4.1

CVSS3: 5.4

EPSS Низкий

Описание

HTML Email Injection in Tribe29 Checkmk <=2.1.0p23; <=2.0.0p34, and all versions of Checkmk 1.6.0 allows an authenticated attacker to inject malicious HTML into Emails

Ссылки

https://checkmk.com/werk/15069
Vendor Advisory
https://checkmk.com/werk/15069
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:checkmk:checkmk:2.0.0:-:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:b1:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:b2:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:b3:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:b4:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:b5:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:b6:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:b7:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:b8:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:i1:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:p1:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:p10:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:p11:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:p12:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:p13:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:p14:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:p15:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:p16:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:p17:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:p18:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:p19:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:p2:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:p20:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:p21:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:p22:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:p23:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:p24:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:p25:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:p26:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:p27:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:p28:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:p29:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:p3:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:p30:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:p31:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:p32:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:p33:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:p34:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:p4:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:p5:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:p6:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:p7:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:p8:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:p9:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:-:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:b1:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:b2:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:b3:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:b4:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:b5:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:b6:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:b7:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:b8:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:b9:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p1:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p10:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p11:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p12:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p13:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p14:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p15:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p16:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p17:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p18:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p2:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p20:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p21:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p22:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p23:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p3:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p4:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p5:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p6:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p7:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p8:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p9:*:*:*:*:*:*

cpe:2.3:a:tribe29:checkmk:*:*:*:*:*:*:*:*

Версия от 1.6.0 (включая) до 2.0.0 (исключая)

EPSS

Процентиль: 70%

0.00646

Низкий

4.1 Medium

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-138

CWE-79

Связанные уязвимости

CVE-2023-22288

CVSS3: 4.1

ubuntu

почти 3 года назад

HTML Email Injection in Tribe29 Checkmk <=2.1.0p23; <=2.0.0p34, and all versions of Checkmk 1.6.0 allows an authenticated attacker to inject malicious HTML into Emails

CVE-2023-22288

CVSS3: 4.1

debian

почти 3 года назад

HTML Email Injection in Tribe29 Checkmk <=2.1.0p23; <=2.0.0p34, and al ...

GHSA-3g55-gxf8-m8xp

CVSS3: 5.4

github

почти 3 года назад

HTML Email Injection in Tribe29 Checkmk <=2.1.0p23; <=2.0.0p34, and all versions of Checkmk 1.6.0 allows an authenticated attacker to inject malicious HTML into Emails

EPSS

Процентиль: 70%

0.00646

Низкий

4.1 Medium

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-138

CWE-79