CVE-2022-46303 HIGH

CVE-2022-46303: Command injection in SMS notifications

Vendor Tribe29

Product Checkmk

Weakness CWE-20 · Input validation

Published February 20, 2023

Last update March 12, 2025

View on NVD All CVEs

CVSS base score

8.0/10

Attack vector Adjacent

Attack complexity High

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

Command injection in SMS notifications in Tribe29 Checkmk <= 2.1.0p10, Checkmk <= 2.0.0p27, and Checkmk <= 1.6.0p29 allows an attacker with User Management permissions, as well as LDAP administrators in certain scenarios, to perform arbitrary commands within the context of the application's local permissions.

Key dates

02Disclosure timeline

February 20, 2023 CVE published

March 12, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-46303

Related vulnerabilities

Identifiers

CVE CVE-2022-46303

CWE CWE-20

CVSS 8.0 / HIGH

Affected versions

Vendor Tribe29

Product Checkmk

Affected ≥ 2.0.0 and ≤ 2.0.0p27

Vendor Tribe29

Product Checkmk

Affected ≥ 2.1.0 and ≤ 2.1.0p10

Vendor Tribe29

Product Checkmk

Affected ≥ 1.6.0 and ≤ 1.6.0p29

CVE-2022-46303: Command injection in SMS notifications

01Description

02Disclosure timeline

03References

04Related CVE