CVE-2022-48319
high-risk
Published 2023-02-20
Sensitive host secret disclosed in cmk-update-agent.log file in Tribe29's Checkmk <= 2.1.0p13, Checkmk <= 2.0.0p29, and all versions of Checkmk 1.6.0 (EOL) allows an attacker to gain access to the host secret through the unprotected agent updater log file.
Do I need to act?
-
0.06% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.5/10
Medium
LOCAL
/ LOW complexity
Affected Products (20)
Affected Vendors
References (2)
Mitigation
https://checkmk.com/werk/14916
Mitigation
https://checkmk.com/werk/14916
51
/ 100
high-risk
Severity
21/34 · High
Exploitability
0/34 · Minimal
Exposure
30/34 · Critical