VYPR
Unrated severityNVD Advisory· Published May 29, 2024· Updated Aug 2, 2024

Unrestricted upload and download paths in check_sftp

CVE-2024-28826

Description

Improper restriction of local upload and download paths in check_sftp in Checkmk before 2.3.0p4, 2.2.0p27, 2.1.0p44, and in Checkmk 2.0.0 (EOL) allows attackers with sufficient permissions to configure the check to read and write local files on the Checkmk site server.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Checkmk/Checkmkllm-fuzzy2 versions
    <2.3.0p4, <2.2.0p27, <2.1.0p44, =2.0.0+ 1 more
    • (no CPE)range: <2.3.0p4, <2.2.0p27, <2.1.0p44, =2.0.0
    • (no CPE)range: 2.3.0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.