// For flags

CVE-2024-0638

Privilege escalation in mk_oracle plugins

Severity Score

8.2
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track*
*SSVC
Descriptions

Least privilege violation in the Checkmk agent plugins mk_oracle, mk_oracle.ps1, and mk_oracle_crs before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows local users to escalate privileges.

La violación mínima de privilegios en los complementos del agente Checkmk mk_oracle, mk_oracle.ps1 y mk_oracle_crs antes de Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 y 2.0.0 (EOL) permite a los usuarios locales escalar privilegios.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:Track*
Exploitation
None
Automatable
No
Tech. Impact
Total
* Organization's Worst-case Scenario
Timeline
  • 2024-01-17 CVE Reserved
  • 2024-03-22 CVE Published
  • 2024-03-23 EPSS Updated
  • 2024-08-02 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-272: Least Privilege Violation
CAPEC
  • CAPEC-233: Privilege Escalation
References (1)
URL Tag Source
https://checkmk.com/werk/16232
URL Date SRC
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Checkmk GmbH
Search vendor "Checkmk GmbH"
 Checkmk
Search vendor "Checkmk GmbH" for product "Checkmk"
 >= 2.3.0 < 2.3.0b4
Search vendor "Checkmk GmbH" for product "Checkmk" and version " >= 2.3.0 < 2.3.0b4"
en
Affected
Checkmk GmbH
Search vendor "Checkmk GmbH"
 Checkmk
Search vendor "Checkmk GmbH" for product "Checkmk"
 >= 2.2.0 < 2.2.0p24
Search vendor "Checkmk GmbH" for product "Checkmk" and version " >= 2.2.0 < 2.2.0p24"
en
Affected
Checkmk GmbH
Search vendor "Checkmk GmbH"
 Checkmk
Search vendor "Checkmk GmbH" for product "Checkmk"
 >= 2.1.0 < 2.1.0p41
Search vendor "Checkmk GmbH" for product "Checkmk" and version " >= 2.1.0 < 2.1.0p41"
en
Affected
Checkmk GmbH
Search vendor "Checkmk GmbH"
 Checkmk
Search vendor "Checkmk GmbH" for product "Checkmk"
 >= 2.0.0 <= 2.0.0p39
Search vendor "Checkmk GmbH" for product "Checkmk" and version " >= 2.0.0 <= 2.0.0p39"
en
Affected