← volver
CVE-2025-64996

Overly broad file permissions in the mk_inotify plugin allows reading and manipulating the plugin's output

CVSS 4.8 MEDIUMEPSS 0.1%CWE-732
In Checkmk versions prior to 2.4.0p16, 2.3.0p41, and all versions of 2.2.0 and older, the mk_inotify plugin creates world-readable and writable files, allowing any local user on the system to read the plugin's output and manipulate it, potentially leading to unauthorized access to or modification of monitoring data.
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:N/SA:N
Productos afectados
Checkmk GmbH · Checkmk

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://checkmk.com/werk/18570