CVE-2023-6287 : Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance before 1.6.8 all

Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance before 1.6.8 allows local attacker to retrieve passwords via reading log files.

Published 2023-11-27 14:15:08

Updated 2024-08-26 10:15:05

Source Checkmk GmbH

View at NVD, CVE.org

Products affected by CVE-2023-6287

Tribe29 » Checkmk Appliance Firmware
Versions before (<) 1.6.8
cpe:2.3:o:tribe29:checkmk_appliance_firmware:*:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

0.05%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 13 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	1.8	3.6	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None
3.3	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	1.8	1.4	Checkmk GmbH
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: None

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Assigned by: security@checkmk.com (Secondary)
CWE-532 Insertion of Sensitive Information into Log File

The product writes sensitive information to a log file.

Assigned by: nvd@nist.gov (Primary)
CWE-598 Use of GET Request Method With Sensitive Query Strings

The web application uses the HTTP GET method to process a request and includes sensitive information in the query string of that request.

Assigned by: security@checkmk.com (Secondary)

Jump to