← back
CVE-2024-28826

Unrestricted upload and download paths in check_sftp

CVSS 8.8 HIGHEPSS 0.5%CWE-73
Improper restriction of local upload and download paths in check_sftp in Checkmk before 2.3.0p4, 2.2.0p27, 2.1.0p44, and in Checkmk 2.0.0 (EOL) allows attackers with sufficient permissions to configure the check to read and write local files on the Checkmk site server.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
Checkmk GmbH · Checkmk

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://checkmk.com/werk/15200