Livestatus injection in availability timeline
CVE-2023-6156

8.8HIGH

Key Information:

Vendor: Checkmk GmbH
Status: Checkmk
Vendor: CVE Published:; 22 November 2023

What is CVE-2023-6156?

A vulnerability exists in Checkmk due to improper neutralization of livestatus command delimiters in the availability timeline. This flaw allows authorized users to execute arbitrary livestatus commands within Checkmk versions 2.0.0p39 and below, as well as earlier releases of versions 2.1.0 and 2.2.0. This could potentially lead to unauthorized access and manipulation of the monitoring tool's functionality.

Affected Version(s)

Checkmk 2.2.0 < 2.2.0p15

Checkmk 2.1.0 < 2.1.0p37

Checkmk 2.0.0 <= 2.0.0p39

References

https://checkmk.com/werk/16221

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 22, 2023
Vulnerability Reserved
Nov 15, 2023

Checkmk GmbH

What is CVE-2023-6156?

Affected Version(s)

References

CVSS V3.1

Timeline