CVE-2023-31210
published 2023-12-13CVE-2023-31210: Usage of user controlled LD_LIBRARY_PATH in agent in Checkmk 2.2.0p10 up to 2.2.0p16 allows malicious Checkmk site user to escalate rights via injection of…
PriorityP340high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EPSS
0.54%
41.1th percentile
Usage of user controlled LD_LIBRARY_PATH in agent in Checkmk 2.2.0p10 up to 2.2.0p16 allows malicious Checkmk site user to escalate rights via injection of malicious libraries
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| checkmk | checkmk | — | — |
| checkmk_gmbh | checkmk | >= 2.2.0p10 < 2.2.0p17 | 2.2.0p17 |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv7.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
CVE-2023-31210: Usage of user controlled LD_LIBRARY_PATH in agent in Checkmk 2
osv·2023-12-13·CVSS 7.8
CVE-2023-31210 [HIGH] CVE-2023-31210: Usage of user controlled LD_LIBRARY_PATH in agent in Checkmk 2
Usage of user controlled LD_LIBRARY_PATH in agent in Checkmk 2.2.0p10 up to 2.2.0p16 allows malicious Checkmk site user to escalate rights via injection of malicious libraries
GHSA
GHSA-45w9-c3q7-mccg: Usage of user controlled LD_LIBRARY_PATH in agent in Checkmk 2
ghsa_unreviewed·2023-12-13
CVE-2023-31210 [HIGH] CWE-427 GHSA-45w9-c3q7-mccg: Usage of user controlled LD_LIBRARY_PATH in agent in Checkmk 2
Usage of user controlled LD_LIBRARY_PATH in agent in Checkmk 2.2.0p10 up to 2.2.0p16 allows malicious Checkmk site user to escalate rights via injection of malicious libraries
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-12-13
Published