Today > | 2 Medium vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-38864

Dec. 19, 2024, 4:15 p.m.

Tags

CWE-732
security@checkmk.com
2024-12-19
CVE-2024-38864

Product(s) Impacted

Checkmk

  • < 2.3.0p23
  • < 2.2.0p38
  • <= 2.1.0p49 (EOL)

Description

Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk < 2.3.0p23, < 2.2.0p38 and <= 2.1.0p49 (EOL) allows a local attacker to read sensitive data.

Weaknesses

CWE-732
Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

CWE ID: 732

Date

Published: Dec. 19, 2024, 4:15 p.m.

Last Modified: Dec. 19, 2024, 4:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security@checkmk.com

References

https://checkmk.com/ security@checkmk.com