Livestatus Query Language (LQL) injection in the AuthUser HTTP query header of Tribe29s Checkmk <= 2.1.0p11, Checkmk <= 2.0.0p28, and all versions of Checkmk 1.6.0 (EOL) allows an attacker to perform direct queries to the applications core from localhost.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Checkmk | Tribe29 | 2.1.0 (including) | 2.1.0 (including) |
Checkmk | Tribe29 | 2.1.0-b1 (including) | 2.1.0-b1 (including) |
Checkmk | Tribe29 | 2.1.0-b2 (including) | 2.1.0-b2 (including) |
Checkmk | Tribe29 | 2.1.0-b3 (including) | 2.1.0-b3 (including) |
Checkmk | Tribe29 | 2.1.0-b4 (including) | 2.1.0-b4 (including) |
Checkmk | Tribe29 | 2.1.0-b5 (including) | 2.1.0-b5 (including) |
Checkmk | Tribe29 | 2.1.0-b6 (including) | 2.1.0-b6 (including) |
Checkmk | Tribe29 | 2.1.0-b7 (including) | 2.1.0-b7 (including) |
Checkmk | Tribe29 | 2.1.0-b8 (including) | 2.1.0-b8 (including) |
Checkmk | Tribe29 | 2.1.0-b9 (including) | 2.1.0-b9 (including) |
Checkmk | Tribe29 | 2.1.0-p1 (including) | 2.1.0-p1 (including) |
Checkmk | Tribe29 | 2.1.0-p10 (including) | 2.1.0-p10 (including) |
Checkmk | Tribe29 | 2.1.0-p11 (including) | 2.1.0-p11 (including) |
Checkmk | Tribe29 | 2.1.0-p2 (including) | 2.1.0-p2 (including) |
Checkmk | Tribe29 | 2.1.0-p3 (including) | 2.1.0-p3 (including) |
Checkmk | Tribe29 | 2.1.0-p4 (including) | 2.1.0-p4 (including) |
Checkmk | Tribe29 | 2.1.0-p5 (including) | 2.1.0-p5 (including) |
Checkmk | Tribe29 | 2.1.0-p6 (including) | 2.1.0-p6 (including) |
Checkmk | Tribe29 | 2.1.0-p7 (including) | 2.1.0-p7 (including) |
Checkmk | Tribe29 | 2.1.0-p8 (including) | 2.1.0-p8 (including) |
Checkmk | Tribe29 | 2.1.0-p9 (including) | 2.1.0-p9 (including) |