CVE-2023-31208
published 2023-05-17

CVE-2023-31208: Improper neutralization of livestatus command delimiters in the RestAPI in Checkmk < 2.0.0p36, < 2.1.0p28, and < 2.2.0b8 (beta) allows arbitrary livestatus…

Priority: P3 | 54 | high | 8.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.97% (57.6th percentile)

Improper neutralization of livestatus command delimiters in the RestAPI in Checkmk < 2.0.0p36, < 2.1.0p28, and < 2.2.0b8 (beta) allows arbitrary livestatus command execution for authorized users.

Affected

7 ranges
Vendor        Product  Version range        Fixed in
checkmk       checkmk
checkmk       checkmk
checkmk       checkmk
checkmk_gmbh  checkmk  >= 2.0.0 < 2.0.0p36  2.0.0p36
checkmk_gmbh  checkmk  >= 2.1.0 < 2.1.0p28  2.1.0p28
checkmk_gmbh  checkmk  >= 2.2.0 < 2.2.0b8   2.2.0b8
tribe29       checkmk  < 2.0.0              2.0.0

CVSS provenance

nvd  v3.1  8.8  HIGH  CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv        8.8  HIGH