CVE-2024-1742 LOW

CVE-2024-1742: Information disclosure in mk_oracle Checkmk agent plugin

Vendor Checkmk Gmbh
Product Checkmk
Weakness CWE-214
Published March 22, 2024
Last update August 12, 2024

CVSS base score

3.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

What the vulnerability does

01Description

Invocation of the sqlplus command with sensitive information in the command line in the mk_oracle Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows the extraction of this information from the process list.

Key dates

02Disclosure timeline

March 22, 2024 CVE published
August 12, 2024 Record updated