CVE-2022-46836 - Vulnerability Details

PHP code injection in watolib auth.php and hosttags.php in Tribe29's Checkmk <= 2.1.0p10, Checkmk <= 2.0.0p27, and Checkmk <= 1.6.0p29 allows an attacker to inject and execute PHP code which will be executed upon request of the vulnerable component.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Checkmk	Checkmk

Configuration 1 [-]

OR	cpe:2.3:a:checkmk:checkmk:2.1.0:-::::::
	cpe:2.3:a:checkmk:checkmk:2.1.0:b1::::::
	cpe:2.3:a:checkmk:checkmk:2.1.0:b2::::::
	cpe:2.3:a:checkmk:checkmk:2.1.0:b3::::::
	cpe:2.3:a:checkmk:checkmk:2.1.0:b4::::::
	cpe:2.3:a:checkmk:checkmk:2.1.0:b5::::::
	cpe:2.3:a:checkmk:checkmk:2.1.0:b6::::::
	cpe:2.3:a:checkmk:checkmk:2.1.0:b7::::::
	cpe:2.3:a:checkmk:checkmk:2.1.0:b8::::::
	cpe:2.3:a:checkmk:checkmk:2.1.0:b9::::::
	cpe:2.3:a:checkmk:checkmk:2.1.0:p1::::::
	cpe:2.3:a:checkmk:checkmk:2.1.0:p10::::::
	cpe:2.3:a:checkmk:checkmk:2.1.0:p2::::::
	cpe:2.3:a:checkmk:checkmk:2.1.0:p3::::::
	cpe:2.3:a:checkmk:checkmk:2.1.0:p4::::::
	cpe:2.3:a:checkmk:checkmk:2.1.0:p5::::::
	cpe:2.3:a:checkmk:checkmk:2.1.0:p6::::::
	cpe:2.3:a:checkmk:checkmk:2.1.0:p7::::::
	cpe:2.3:a:checkmk:checkmk:2.1.0:p8::::::
	cpe:2.3:a:checkmk:checkmk:2.1.0:p9::::::

Configuration 2 [-]

OR	cpe:2.3:a:checkmk:checkmk:2.0.0:-::::::
	cpe:2.3:a:checkmk:checkmk:2.0.0:b1::::::
	cpe:2.3:a:checkmk:checkmk:2.0.0:b2::::::
	cpe:2.3:a:checkmk:checkmk:2.0.0:b3::::::
	cpe:2.3:a:checkmk:checkmk:2.0.0:b4::::::
	cpe:2.3:a:checkmk:checkmk:2.0.0:b5::::::
	cpe:2.3:a:checkmk:checkmk:2.0.0:b6::::::
	cpe:2.3:a:checkmk:checkmk:2.0.0:b7::::::
	cpe:2.3:a:checkmk:checkmk:2.0.0:b8::::::
	cpe:2.3:a:checkmk:checkmk:2.0.0:i1::::::
	cpe:2.3:a:checkmk:checkmk:2.0.0:p1::::::
	cpe:2.3:a:checkmk:checkmk:2.0.0:p10::::::
	cpe:2.3:a:checkmk:checkmk:2.0.0:p11::::::
	cpe:2.3:a:checkmk:checkmk:2.0.0:p12::::::
	cpe:2.3:a:checkmk:checkmk:2.0.0:p13::::::
	cpe:2.3:a:checkmk:checkmk:2.0.0:p14::::::
	cpe:2.3:a:checkmk:checkmk:2.0.0:p15::::::
	cpe:2.3:a:checkmk:checkmk:2.0.0:p16::::::
	cpe:2.3:a:checkmk:checkmk:2.0.0:p17::::::
	cpe:2.3:a:checkmk:checkmk:2.0.0:p18::::::
	cpe:2.3:a:checkmk:checkmk:2.0.0:p19::::::
	cpe:2.3:a:checkmk:checkmk:2.0.0:p2::::::
	cpe:2.3:a:checkmk:checkmk:2.0.0:p20::::::
	cpe:2.3:a:checkmk:checkmk:2.0.0:p21::::::
	cpe:2.3:a:checkmk:checkmk:2.0.0:p22::::::
	cpe:2.3:a:checkmk:checkmk:2.0.0:p23::::::
	cpe:2.3:a:checkmk:checkmk:2.0.0:p24::::::
	cpe:2.3:a:checkmk:checkmk:2.0.0:p25::::::
	cpe:2.3:a:checkmk:checkmk:2.0.0:p26::::::
	cpe:2.3:a:checkmk:checkmk:2.0.0:p27::::::
	cpe:2.3:a:checkmk:checkmk:2.0.0:p3::::::
	cpe:2.3:a:checkmk:checkmk:2.0.0:p4::::::
	cpe:2.3:a:checkmk:checkmk:2.0.0:p5::::::
	cpe:2.3:a:checkmk:checkmk:2.0.0:p6::::::
	cpe:2.3:a:checkmk:checkmk:2.0.0:p7::::::
	cpe:2.3:a:checkmk:checkmk:2.0.0:p8::::::
	cpe:2.3:a:checkmk:checkmk:2.0.0:p9::::::

Configuration 3 [-]

OR	cpe:2.3:a:checkmk:checkmk:1.6.0:-::::::
	cpe:2.3:a:checkmk:checkmk:1.6.0:b1::::::
	cpe:2.3:a:checkmk:checkmk:1.6.0:b10::::::
	cpe:2.3:a:checkmk:checkmk:1.6.0:b11::::::
	cpe:2.3:a:checkmk:checkmk:1.6.0:b12::::::
	cpe:2.3:a:checkmk:checkmk:1.6.0:b2::::::
	cpe:2.3:a:checkmk:checkmk:1.6.0:b3::::::
	cpe:2.3:a:checkmk:checkmk:1.6.0:b4::::::
	cpe:2.3:a:checkmk:checkmk:1.6.0:b5::::::
	cpe:2.3:a:checkmk:checkmk:1.6.0:b6::::::
	cpe:2.3:a:checkmk:checkmk:1.6.0:b7::::::
	cpe:2.3:a:checkmk:checkmk:1.6.0:b8::::::
	cpe:2.3:a:checkmk:checkmk:1.6.0:b9::::::
	cpe:2.3:a:checkmk:checkmk:1.6.0:p1::::::
	cpe:2.3:a:checkmk:checkmk:1.6.0:p10::::::
	cpe:2.3:a:checkmk:checkmk:1.6.0:p11::::::
	cpe:2.3:a:checkmk:checkmk:1.6.0:p12::::::
	cpe:2.3:a:checkmk:checkmk:1.6.0:p13::::::
	cpe:2.3:a:checkmk:checkmk:1.6.0:p14::::::
	cpe:2.3:a:checkmk:checkmk:1.6.0:p15::::::
	cpe:2.3:a:checkmk:checkmk:1.6.0:p16::::::
	cpe:2.3:a:checkmk:checkmk:1.6.0:p17::::::
	cpe:2.3:a:checkmk:checkmk:1.6.0:p18::::::
	cpe:2.3:a:checkmk:checkmk:1.6.0:p19::::::
	cpe:2.3:a:checkmk:checkmk:1.6.0:p2::::::
	cpe:2.3:a:checkmk:checkmk:1.6.0:p20::::::
	cpe:2.3:a:checkmk:checkmk:1.6.0:p21::::::
	cpe:2.3:a:checkmk:checkmk:1.6.0:p22::::::
	cpe:2.3:a:checkmk:checkmk:1.6.0:p23::::::
	cpe:2.3:a:checkmk:checkmk:1.6.0:p24::::::
	cpe:2.3:a:checkmk:checkmk:1.6.0:p25::::::
	cpe:2.3:a:checkmk:checkmk:1.6.0:p26::::::
	cpe:2.3:a:checkmk:checkmk:1.6.0:p27::::::
	cpe:2.3:a:checkmk:checkmk:1.6.0:p28::::::
	cpe:2.3:a:checkmk:checkmk:1.6.0:p29::::::
	cpe:2.3:a:checkmk:checkmk:1.6.0:p3::::::
	cpe:2.3:a:checkmk:checkmk:1.6.0:p4::::::
	cpe:2.3:a:checkmk:checkmk:1.6.0:p5::::::
	cpe:2.3:a:checkmk:checkmk:1.6.0:p6::::::
	cpe:2.3:a:checkmk:checkmk:1.6.0:p7::::::
	cpe:2.3:a:checkmk:checkmk:1.6.0:p8::::::
	cpe:2.3:a:checkmk:checkmk:1.6.0:p9::::::

No data.

References

Link	Providers
https://checkmk.com/werk/14383
https://www.sonarsource.com/blog/checkmk-rce-chain-3/

History

No history.

MITRE

Status: PUBLISHED

Assigner: Tribe29

Published: 2023-02-20T16:52:56.912Z

Updated: 2024-08-03T14:39:39.053Z

Reserved: 2023-01-18T15:49:58.118Z

Link: CVE-2022-46836

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-02-20T17:15:12.153

Modified: 2024-11-21T07:31:08.993

Link: CVE-2022-46836

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact Low

Availability Impact Low

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact Low

Availability Impact Low

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object