CVSS: 7.8EPSS: 0%CPEs: 71EXPL: 0CVE-2022-33912
https://notcve.org/view.php?id=CVE-2022-33912
A permission issue affects users that deployed the shipped version of the Checkmk Debian package. Packages created by the agent bakery (enterprise editions only) were not affected. Using the shipped version of the agents, the maintainer scripts located at /var/lib/dpkg/info/ will be owned by the user and the group with ID 1001. If such a user exists on the system, they can change the content of these files (which are then executed by root). This leads to a local privilege escalation on the monitored host. • https://checkmk.com/werk/14098 • CWE-276: Incorrect Default Permissions •
CVSS: 8.2EPSS: 0%CPEs: 88EXPL: 0CVE-2022-31258
https://notcve.org/view.php?id=CVE-2022-31258
In Checkmk before 1.6.0p29, 2.x before 2.0.0p25, and 2.1.x before 2.1.0b10, a site user can escalate to root by editing an OMD hook symlink. En Checkmk versiones anteriores a 1.6.0p29, 2.x anteriores a 2.0.0p25, y 2.1.x anteriores a 2.1.0b10, un usuario del sitio puede escalar a root editando un enlace simbólico del hook OMD • https://checkmk.com/werk/13902 https://forum.checkmk.com/c/announcements/18 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •