CVE-2014-2330

Published: 31 August 2015

Multiple cross-site request forgery (CSRF) vulnerabilities in the Multisite GUI in Check_MK before 1.2.5i2 allow remote attackers to hijack the authentication of users for requests that (1) upload arbitrary snapshots, (2) delete arbitrary files, or possibly have other unspecified impact via unknown vectors.

Priority

Status

Package	Release	Status
check-mk Launchpad, Ubuntu, Debian	precise	Ignored (end of life)
	trusty	Does not exist (trusty was not-affected [1.2.2p3-1])
	upstream	Released (1.2.2p3-1)
	vivid	Not vulnerable
	wily	Not vulnerable
	xenial	Not vulnerable
	yakkety	Not vulnerable
	zesty	Not vulnerable

References

http://packetstormsecurity.com/files/125850/DTC-A-20140324-002.txt
http://mathias-kettner.de/check_mk_werks.php?werk_id=0766
https://www.cve.org/CVERecord?id=CVE-2014-2330
NVD
Launchpad
Debian

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742689

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›