Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities found for Checkmk Appliance by Checkmk GmbH
CVE-2023-6287 (GCVE-0-2023-6287)
Vulnerability from nvd – Published: 2023-11-27 14:04 – Updated: 2024-08-26 09:47
VLAI
EPSS
VEX
Title
Backup password in GET parameter
Summary
Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance before 1.6.8 allows local attacker to retrieve passwords via reading log files.
Severity
CWE
- CWE-598 - Use of GET Request Method With Sensitive Query Strings
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://checkmk.com/werk/9554 |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Checkmk GmbH | Checkmk Appliance |
Affected:
0 , < 1.6.8
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:28:21.291Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://checkmk.com/werk/9554"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Checkmk Appliance",
"vendor": "Checkmk GmbH",
"versions": [
{
"lessThan": "1.6.8",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance before 1.6.8 allows local attacker to retrieve passwords via reading log files."
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-598",
"description": "CWE-598: Use of GET Request Method With Sensitive Query Strings",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-26T09:47:54.792Z",
"orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"shortName": "Checkmk"
},
"references": [
{
"url": "https://checkmk.com/werk/9554"
}
],
"title": "Backup password in GET parameter"
}
},
"cveMetadata": {
"assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"assignerShortName": "Checkmk",
"cveId": "CVE-2023-6287",
"datePublished": "2023-11-27T14:04:01.568Z",
"dateReserved": "2023-11-24T14:13:16.514Z",
"dateUpdated": "2024-08-26T09:47:54.792Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6287 (GCVE-0-2023-6287)
Vulnerability from cvelistv5 – Published: 2023-11-27 14:04 – Updated: 2024-08-26 09:47
VLAI
EPSS
VEX
Title
Backup password in GET parameter
Summary
Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance before 1.6.8 allows local attacker to retrieve passwords via reading log files.
Severity
CWE
- CWE-598 - Use of GET Request Method With Sensitive Query Strings
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://checkmk.com/werk/9554 |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Checkmk GmbH | Checkmk Appliance |
Affected:
0 , < 1.6.8
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:28:21.291Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://checkmk.com/werk/9554"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Checkmk Appliance",
"vendor": "Checkmk GmbH",
"versions": [
{
"lessThan": "1.6.8",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance before 1.6.8 allows local attacker to retrieve passwords via reading log files."
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-598",
"description": "CWE-598: Use of GET Request Method With Sensitive Query Strings",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-26T09:47:54.792Z",
"orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"shortName": "Checkmk"
},
"references": [
{
"url": "https://checkmk.com/werk/9554"
}
],
"title": "Backup password in GET parameter"
}
},
"cveMetadata": {
"assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"assignerShortName": "Checkmk",
"cveId": "CVE-2023-6287",
"datePublished": "2023-11-27T14:04:01.568Z",
"dateReserved": "2023-11-24T14:13:16.514Z",
"dateUpdated": "2024-08-26T09:47:54.792Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}