CVE-2022-47909

CVSS V2 None CVSS V3 None
Description
Livestatus Query Language (LQL) injection in the AuthUser HTTP query header of Tribe29's Checkmk <= 2.1.0p11, Checkmk <= 2.0.0p28, and all versions of Checkmk 1.6.0 (EOL) allows an attacker to perform direct queries to the application's core from localhost.
Overview
  • CVE ID
  • CVE-2022-47909
  • Assigner
  • security@checkmk.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-02-20T17:15:12
  • Last Modified Date
  • 2023-03-02T18:23:28
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:tribe29:checkmk:2.1.0:-:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:2.1.0:b1:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:2.1.0:b2:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:2.1.0:b3:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:2.1.0:b4:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:2.1.0:b5:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:2.1.0:b6:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:2.1.0:b7:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:2.1.0:b8:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:2.1.0:b9:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:2.1.0:p1:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:2.1.0:p10:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:2.1.0:p11:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:2.1.0:p2:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:2.1.0:p3:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:2.1.0:p4:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:2.1.0:p5:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:2.1.0:p6:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:2.1.0:p7:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:2.1.0:p8:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:2.1.0:p9:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:2.0.0:-:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:2.0.0:b1:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:2.0.0:b2:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:2.0.0:b3:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:2.0.0:b4:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:2.0.0:b5:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:2.0.0:b6:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:2.0.0:b7:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:2.0.0:b8:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:2.0.0:i1:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:2.0.0:p1:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:2.0.0:p10:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:2.0.0:p11:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:2.0.0:p12:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:2.0.0:p13:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:2.0.0:p14:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:2.0.0:p15:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:2.0.0:p16:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:2.0.0:p17:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:2.0.0:p18:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:2.0.0:p19:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:2.0.0:p2:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:2.0.0:p20:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:2.0.0:p21:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:2.0.0:p22:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:2.0.0:p23:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:2.0.0:p24:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:2.0.0:p25:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:2.0.0:p26:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:2.0.0:p27:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:2.0.0:p28:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:2.0.0:p3:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:2.0.0:p4:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:2.0.0:p5:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:2.0.0:p6:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:2.0.0:p7:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:2.0.0:p8:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:2.0.0:p9:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:1.6.0:-:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:1.6.0:b1:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:1.6.0:b10:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:1.6.0:b11:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:1.6.0:b12:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:1.6.0:b2:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:1.6.0:b3:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:1.6.0:b4:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:1.6.0:b5:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:1.6.0:b6:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:1.6.0:b7:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:1.6.0:b8:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:1.6.0:b9:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:1.6.0:p1:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:1.6.0:p10:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:1.6.0:p11:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:1.6.0:p12:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:1.6.0:p13:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:1.6.0:p14:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:1.6.0:p15:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:1.6.0:p16:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:1.6.0:p17:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:1.6.0:p18:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:1.6.0:p19:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:1.6.0:p2:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:1.6.0:p20:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:1.6.0:p21:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:1.6.0:p22:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:1.6.0:p23:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:1.6.0:p24:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:1.6.0:p25:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:1.6.0:p26:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:1.6.0:p27:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:1.6.0:p28:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:1.6.0:p29:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:1.6.0:p3:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:1.6.0:p30:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:1.6.0:p4:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:1.6.0:p5:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:1.6.0:p6:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:1.6.0:p7:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:1.6.0:p8:*:*:*:*:*:* 1 OR
cpe:2.3:a:tribe29:checkmk:1.6.0:p9:*:*:*:*:*:* 1 OR
References
Reference URL Reference Tags
https://checkmk.com/werk/14384 Vendor Advisory
History
Created Old Value New Value Data Type Notes
2023-04-17 07:59:56 Added to TrackCVE
2023-04-17 07:59:58 Weakness Enumeration new