CVE-2022-46302 HIGH

CVE-2022-46302: Remote Code Execution with Root Privileges via Broad Apache Permissions

Vendor Tribe29
Product Checkmk
Weakness CWE-829 · Inclusion from untrusted sphere
Published April 20, 2023
Last update February 4, 2025

CVSS base score

8.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

Description

Broad access controls could allow site users to interact directly with the system Apache installation when providing the reverse proxy configurations, allowing an attacker to perform remote code execution with root privileges on the underlying host. Affected versions are Tribe29's Checkmk <= 2.1.0p6, Checkmk <= 2.0.0p27, and all versions of Checkmk 1.6.0 (EOL).

Key dates

Disclosure timeline

April 20, 2023 CVE published
February 4, 2025 Record updated