CVE-2024-38865: Livestatus command injection in RestAPI

6.0 CVSS

Description

Improper neutralization of livestatus command delimiters in a specific endpoint within RestAPI of Checkmk prior to 2.2.0p39, 2.3.0p25, and 2.1.0p51 (EOL) allows arbitrary livestatus command execution. Exploitation requires the attacker to have a contact group assigned to their user account and for an event to originate from a host with the same contact group or from an event generated with an unknown host.

Classification

CVE ID: CVE-2024-38865

CVSS Base Severity: MEDIUM

CVSS Base Score: 6.0

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N

Problem Types

CWE-140: Improper Neutralization of Delimiters

Affected Products

Vendor: Checkmk GmbH

Product: Checkmk

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.07% (probability of being exploited)

EPSS Percentile: 22.34% (scored less or equal to compared to others)

EPSS Date: 2025-04-21 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2024-38865
https://checkmk.com/werk/17028

Timeline

2025-04-10 08:40:11 UTC
CVE

Livestatus command injection in RestAPI