Your submission was sent successfully! Close

CVE-2017-14955

Published: 2 October 2017

Check_MK before 1.2.8p26 mishandles certain errors within the failed-login save feature because of a race condition, which allows remote attackers to obtain sensitive user information by reading a GUI crash report.

Notes

AuthorNote
0xnishit
fix 1.2.8p26: https://github.com/tribe29/checkmk/commit/5ac2dd84a1ae62140191fc0f5508b29b2631b74d
Priority

Medium

CVSS 3 base score: 5.9

Status

Package Release Status
check-mk
Launchpad, Ubuntu, Debian
artful Ignored
(reached end-of-life)
bionic
Released (1.2.8p16-1ubuntu0.2)
cosmic Ignored
(reached end-of-life)
disco Ignored
(reached end-of-life)
eoan Ignored
(reached end-of-life)
focal Does not exist

groovy Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

precise Does not exist

trusty Does not exist
(trusty was needed)
upstream
Released (1.2.8p26)
xenial Ignored
(end of standard support, was needed)
zesty Ignored
(reached end-of-life)