CVE-2022-48317 MEDIUM

CVE-2022-48317: Insecure Termination of RestAPI Session Tokens

Vendor Tribe29

Product Checkmk

Weakness CWE-613 · Insufficient session expiration

Published February 20, 2023

Last update March 12, 2025

View on NVD All CVEs

CVSS base score

5.6/10

Attack vector Network

Attack complexity High

Privileges required None

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

Expired sessions were not securely terminated in the RestAPI for Tribe29's Checkmk <= 2.1.0p10 and Checkmk <= 2.0.0p28 allowing an attacker to use expired session tokens when communicating with the RestAPI.

Key dates

02Disclosure timeline

February 20, 2023 CVE published

March 12, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-48317 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/613.html

Related vulnerabilities

Identifiers

CVE CVE-2022-48317

CWE CWE-613

CVSS 5.6 / MEDIUM

Affected versions

Vendor Tribe29

Product Checkmk

Affected ≥ 2.0.0 and ≤ 2.0.0p28

Vendor Tribe29

Product Checkmk

Affected ≥ 2.1.0 and ≤ 2.1.0p10

CVE-2022-48317: Insecure Termination of RestAPI Session Tokens

01Description

02Disclosure timeline

03References

04Related CVE