Vulnerabilities > CVE-2024-1742 - Unspecified vulnerability in Checkmk

CVSS 3.3 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

local

low complexity

checkmk

NVD

Published: 2024-03-22

Updated: 2024-12-04

Summary

Invocation of the sqlplus command with sensitive information in the command line in the mk_oracle Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows the extraction of this information from the process list.

Vulnerable Configurations

Part	Description	Count
Application	Checkmk Checkmk Checkmk 2.1.0 Checkmk Checkmk 2.2.0 Checkmk Checkmk 2.3.0 Checkmk Checkmk 1.2.3 Checkmk Checkmk 1.2.4 Checkmk Checkmk 1.2.5 Checkmk Checkmk 1.2.6 Checkmk Checkmk 1.2.7 Checkmk Checkmk 1.2.8 Checkmk Checkmk 1.4.0 Checkmk Checkmk 1.5.0 Checkmk Checkmk 1.6.0 Checkmk Checkmk 1.6.4 Checkmk Checkmk 2.0.0	221

References

https://checkmk.com/werk/16234
https://checkmk.com/werk/16234