Vulnerabilities > CVE-2022-48321 - Server-Side Request Forgery (SSRF) vulnerability in Checkmk 2.1.0

CVSS 3.3 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

local

low complexity

checkmk

CWE-918

NVD

Published: 2023-02-20

Updated: 2024-07-23

Summary

Limited Server-Side Request Forgery (SSRF) in agent-receiver in Tribe29's Checkmk <= 2.1.0p11 allows an attacker to communicate with local network restricted endpoints by use of the host registration API.

Vulnerable Configurations

Part	Description	Count
Application	Checkmk Checkmk Checkmk 2.1.0	21

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://checkmk.com/werk/14385
https://www.sonarsource.com/blog/checkmk-rce-chain-1/