CVE-2023-31210: Privilege escalation in agent via LD_LIBRARY_PATH

8.8 CVSS

Description

Use of a user-controlled LD_LIBRARY_PATH in the agent in Checkmk 2.2.0p10 up to 2.2.0p16 allows a malicious Checkmk site user to escalate rights by injecting malicious libraries.

Classification

CVE ID: CVE-2023-31210

CVSS Base Severity: HIGH

CVSS Base Score: 8.8

Affected Products

Vendor: Checkmk GmbH

Product: Checkmk

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.44% (share of scored vulnerabilities with an equal or lower score)

EPSS Date: 2025-02-03 (date this score was calculated)

References

https://checkmk.com/werk/16226

Timeline