CVE-2014-0243
Severity CVSS v4.0: Pending analysis
Type: CWE-59 (Link Following)
Publication date: 19/07/2018
Last modified: 07/11/2023
Description
Check_MK through 1.2.5i2p1 allows local users to read arbitrary files via a symlink attack to a file in /var/lib/check_mk_agent/job.
Impact
Base Score 3.x: 5.50
Severity 3.x: MEDIUM
Base Score 2.0: 2.10
Severity 2.0: LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:check_mk_project:check_mk:*:*:*:*:*:*:*:* | 1.2.5 (including) | |
| cpe:2.3:a:check_mk_project:check_mk:1.2.5:i2p1:*:*:*:*:*:* | | |
References to Advisories, Solutions, and Tools
- http://git.mathias-kettner.de/git/?p=check_mk.git%3Ba%3Dcommit%3Bh%3D0426323df1641596c4f01ef5a716a3b65276f01c
- http://git.mathias-kettner.de/git/?p=check_mk.git%3Ba%3Dcommit%3Bh%3Da2ef8d00c53ec9cbd05c4ae2f09b50761130e7ce
- http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134160.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134166.html
- http://packetstormsecurity.com/files/126857/Check_MK-Arbitrary-File-Disclosure.html
- http://seclists.org/fulldisclosure/2014/May/145
- http://www.openwall.com/lists/oss-security/2014/05/28/1
- http://www.securityfocus.com/bid/67674
- https://bugzilla.redhat.com/show_bug.cgi?id=1101669
- https://secuniaresearch.flexerasoftware.com/advisories/58536
- https://www.securityfocus.com/archive/1/532224/100/0/threaded



