CVE-2024-28824
published 2024-03-22CVE-2024-28824: Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0…
PriorityP338high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EPSS
0.18%
7.7th percentile
Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows local users to escalate privileges.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| checkmk | checkmk | <= 2.0.0 | — |
| checkmk | checkmk | — | — |
| checkmk | checkmk | — | — |
| checkmk | checkmk | — | — |
| checkmk_gmbh | checkmk | 2.0.0 – 2.0.0p39 | — |
| checkmk_gmbh | checkmk | >= 2.1.0 < 2.1.0p41 | 2.1.0p41 |
| checkmk_gmbh | checkmk | >= 2.2.0 < 2.2.0p24 | 2.2.0p24 |
| checkmk_gmbh | checkmk | >= 2.3.0 < 2.3.0b4 | 2.3.0b4 |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv7.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-xx7c-hx38-xm2p: Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2
ghsa_unreviewed·2024-03-22
CVE-2024-28824 [HIGH] CWE-272 GHSA-xx7c-hx38-xm2p: Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2
Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows local users to escalate privileges.
OSV
CVE-2024-28824: Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2
osv·2024-03-22·CVSS 7.8
CVE-2024-28824 [HIGH] CVE-2024-28824: Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2
Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows local users to escalate privileges.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-03-22
Published