CVE-2022-48319 MEDIUM

CVE-2022-48319: Host secret disclosed in Checkmk logs

Vendor Tribe29
Product Checkmk
Weakness CWE-200 · Info exposure
Published February 20, 2023
Last update March 12, 2025

CVSS base score

6.5/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

What the vulnerability does

01Description

Sensitive host secret disclosed in cmk-update-agent.log file in Tribe29's Checkmk <= 2.1.0p13, Checkmk <= 2.0.0p29, and all versions of Checkmk 1.6.0 (EOL) allows an attacker to gain access to the host secret through the unprotected agent updater log file.

Key dates

02Disclosure timeline

February 20, 2023 CVE published
March 12, 2025 Record updated