CVE-2023-6740

Privilege escalation in jar_signature agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges

Weakness

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Affected Software

Name	Vendor	Start Version	End Version
Checkmk	Tribe29	*	2.0.0 (including)
Checkmk	Tribe29	2.0.0-b1 (including)	2.0.0-b1 (including)
Checkmk	Tribe29	2.0.0-b2 (including)	2.0.0-b2 (including)
Checkmk	Tribe29	2.0.0-b3 (including)	2.0.0-b3 (including)
Checkmk	Tribe29	2.0.0-b4 (including)	2.0.0-b4 (including)
Checkmk	Tribe29	2.0.0-b5 (including)	2.0.0-b5 (including)
Checkmk	Tribe29	2.0.0-b6 (including)	2.0.0-b6 (including)
Checkmk	Tribe29	2.0.0-b7 (including)	2.0.0-b7 (including)
Checkmk	Tribe29	2.0.0-b8 (including)	2.0.0-b8 (including)
Checkmk	Tribe29	2.0.0-i1 (including)	2.0.0-i1 (including)
Checkmk	Tribe29	2.0.0-p1 (including)	2.0.0-p1 (including)
Checkmk	Tribe29	2.0.0-p10 (including)	2.0.0-p10 (including)
Checkmk	Tribe29	2.0.0-p11 (including)	2.0.0-p11 (including)
Checkmk	Tribe29	2.0.0-p12 (including)	2.0.0-p12 (including)
Checkmk	Tribe29	2.0.0-p13 (including)	2.0.0-p13 (including)
Checkmk	Tribe29	2.0.0-p14 (including)	2.0.0-p14 (including)
Checkmk	Tribe29	2.0.0-p15 (including)	2.0.0-p15 (including)
Checkmk	Tribe29	2.0.0-p16 (including)	2.0.0-p16 (including)
Checkmk	Tribe29	2.0.0-p17 (including)	2.0.0-p17 (including)
Checkmk	Tribe29	2.0.0-p18 (including)	2.0.0-p18 (including)
Checkmk	Tribe29	2.0.0-p19 (including)	2.0.0-p19 (including)
Checkmk	Tribe29	2.0.0-p2 (including)	2.0.0-p2 (including)
Checkmk	Tribe29	2.0.0-p20 (including)	2.0.0-p20 (including)
Checkmk	Tribe29	2.0.0-p21 (including)	2.0.0-p21 (including)
Checkmk	Tribe29	2.0.0-p22 (including)	2.0.0-p22 (including)
Checkmk	Tribe29	2.0.0-p23 (including)	2.0.0-p23 (including)
Checkmk	Tribe29	2.0.0-p24 (including)	2.0.0-p24 (including)
Checkmk	Tribe29	2.0.0-p25 (including)	2.0.0-p25 (including)
Checkmk	Tribe29	2.0.0-p26 (including)	2.0.0-p26 (including)
Checkmk	Tribe29	2.0.0-p27 (including)	2.0.0-p27 (including)
Checkmk	Tribe29	2.0.0-p28 (including)	2.0.0-p28 (including)
Checkmk	Tribe29	2.0.0-p29 (including)	2.0.0-p29 (including)
Checkmk	Tribe29	2.0.0-p3 (including)	2.0.0-p3 (including)
Checkmk	Tribe29	2.0.0-p30 (including)	2.0.0-p30 (including)
Checkmk	Tribe29	2.0.0-p31 (including)	2.0.0-p31 (including)
Checkmk	Tribe29	2.0.0-p32 (including)	2.0.0-p32 (including)
Checkmk	Tribe29	2.0.0-p33 (including)	2.0.0-p33 (including)
Checkmk	Tribe29	2.0.0-p34 (including)	2.0.0-p34 (including)
Checkmk	Tribe29	2.0.0-p35 (including)	2.0.0-p35 (including)
Checkmk	Tribe29	2.0.0-p36 (including)	2.0.0-p36 (including)
Checkmk	Tribe29	2.0.0-p37 (including)	2.0.0-p37 (including)
Checkmk	Tribe29	2.0.0-p38 (including)	2.0.0-p38 (including)
Checkmk	Tribe29	2.0.0-p4 (including)	2.0.0-p4 (including)
Checkmk	Tribe29	2.0.0-p5 (including)	2.0.0-p5 (including)
Checkmk	Tribe29	2.0.0-p6 (including)	2.0.0-p6 (including)
Checkmk	Tribe29	2.0.0-p7 (including)	2.0.0-p7 (including)
Checkmk	Tribe29	2.0.0-p8 (including)	2.0.0-p8 (including)
Checkmk	Tribe29	2.0.0-p9 (including)	2.0.0-p9 (including)
Checkmk	Tribe29	2.1.0 (including)	2.1.0 (including)
Checkmk	Tribe29	2.1.0-b1 (including)	2.1.0-b1 (including)
Checkmk	Tribe29	2.1.0-b2 (including)	2.1.0-b2 (including)
Checkmk	Tribe29	2.1.0-b3 (including)	2.1.0-b3 (including)
Checkmk	Tribe29	2.1.0-b4 (including)	2.1.0-b4 (including)
Checkmk	Tribe29	2.1.0-b5 (including)	2.1.0-b5 (including)
Checkmk	Tribe29	2.1.0-b6 (including)	2.1.0-b6 (including)
Checkmk	Tribe29	2.1.0-b7 (including)	2.1.0-b7 (including)
Checkmk	Tribe29	2.1.0-b8 (including)	2.1.0-b8 (including)
Checkmk	Tribe29	2.1.0-b9 (including)	2.1.0-b9 (including)
Checkmk	Tribe29	2.1.0-p1 (including)	2.1.0-p1 (including)
Checkmk	Tribe29	2.1.0-p10 (including)	2.1.0-p10 (including)
Checkmk	Tribe29	2.1.0-p11 (including)	2.1.0-p11 (including)
Checkmk	Tribe29	2.1.0-p12 (including)	2.1.0-p12 (including)
Checkmk	Tribe29	2.1.0-p13 (including)	2.1.0-p13 (including)
Checkmk	Tribe29	2.1.0-p14 (including)	2.1.0-p14 (including)
Checkmk	Tribe29	2.1.0-p15 (including)	2.1.0-p15 (including)
Checkmk	Tribe29	2.1.0-p16 (including)	2.1.0-p16 (including)
Checkmk	Tribe29	2.1.0-p17 (including)	2.1.0-p17 (including)
Checkmk	Tribe29	2.1.0-p18 (including)	2.1.0-p18 (including)
Checkmk	Tribe29	2.1.0-p19 (including)	2.1.0-p19 (including)
Checkmk	Tribe29	2.1.0-p2 (including)	2.1.0-p2 (including)
Checkmk	Tribe29	2.1.0-p20 (including)	2.1.0-p20 (including)
Checkmk	Tribe29	2.1.0-p21 (including)	2.1.0-p21 (including)
Checkmk	Tribe29	2.1.0-p22 (including)	2.1.0-p22 (including)
Checkmk	Tribe29	2.1.0-p23 (including)	2.1.0-p23 (including)
Checkmk	Tribe29	2.1.0-p24 (including)	2.1.0-p24 (including)
Checkmk	Tribe29	2.1.0-p25 (including)	2.1.0-p25 (including)
Checkmk	Tribe29	2.1.0-p26 (including)	2.1.0-p26 (including)
Checkmk	Tribe29	2.1.0-p27 (including)	2.1.0-p27 (including)
Checkmk	Tribe29	2.1.0-p28 (including)	2.1.0-p28 (including)
Checkmk	Tribe29	2.1.0-p29 (including)	2.1.0-p29 (including)
Checkmk	Tribe29	2.1.0-p3 (including)	2.1.0-p3 (including)
Checkmk	Tribe29	2.1.0-p30 (including)	2.1.0-p30 (including)
Checkmk	Tribe29	2.1.0-p31 (including)	2.1.0-p31 (including)
Checkmk	Tribe29	2.1.0-p32 (including)	2.1.0-p32 (including)
Checkmk	Tribe29	2.1.0-p33 (including)	2.1.0-p33 (including)
Checkmk	Tribe29	2.1.0-p34 (including)	2.1.0-p34 (including)
Checkmk	Tribe29	2.1.0-p35 (including)	2.1.0-p35 (including)
Checkmk	Tribe29	2.1.0-p36 (including)	2.1.0-p36 (including)
Checkmk	Tribe29	2.1.0-p37 (including)	2.1.0-p37 (including)
Checkmk	Tribe29	2.1.0-p4 (including)	2.1.0-p4 (including)
Checkmk	Tribe29	2.1.0-p5 (including)	2.1.0-p5 (including)
Checkmk	Tribe29	2.1.0-p6 (including)	2.1.0-p6 (including)
Checkmk	Tribe29	2.1.0-p7 (including)	2.1.0-p7 (including)
Checkmk	Tribe29	2.1.0-p8 (including)	2.1.0-p8 (including)
Checkmk	Tribe29	2.1.0-p9 (including)	2.1.0-p9 (including)
Checkmk	Tribe29	2.2.0 (including)	2.2.0 (including)
Checkmk	Tribe29	2.2.0-b1 (including)	2.2.0-b1 (including)
Checkmk	Tribe29	2.2.0-b2 (including)	2.2.0-b2 (including)
Checkmk	Tribe29	2.2.0-b3 (including)	2.2.0-b3 (including)
Checkmk	Tribe29	2.2.0-b4 (including)	2.2.0-b4 (including)
Checkmk	Tribe29	2.2.0-b5 (including)	2.2.0-b5 (including)
Checkmk	Tribe29	2.2.0-b6 (including)	2.2.0-b6 (including)
Checkmk	Tribe29	2.2.0-b7 (including)	2.2.0-b7 (including)
Checkmk	Tribe29	2.2.0-b8 (including)	2.2.0-b8 (including)
Checkmk	Tribe29	2.2.0-i1 (including)	2.2.0-i1 (including)
Checkmk	Tribe29	2.2.0-p1 (including)	2.2.0-p1 (including)
Checkmk	Tribe29	2.2.0-p10 (including)	2.2.0-p10 (including)
Checkmk	Tribe29	2.2.0-p11 (including)	2.2.0-p11 (including)
Checkmk	Tribe29	2.2.0-p12 (including)	2.2.0-p12 (including)
Checkmk	Tribe29	2.2.0-p13 (including)	2.2.0-p13 (including)
Checkmk	Tribe29	2.2.0-p14 (including)	2.2.0-p14 (including)
Checkmk	Tribe29	2.2.0-p15 (including)	2.2.0-p15 (including)
Checkmk	Tribe29	2.2.0-p16 (including)	2.2.0-p16 (including)
Checkmk	Tribe29	2.2.0-p17 (including)	2.2.0-p17 (including)
Checkmk	Tribe29	2.2.0-p2 (including)	2.2.0-p2 (including)
Checkmk	Tribe29	2.2.0-p3 (including)	2.2.0-p3 (including)
Checkmk	Tribe29	2.2.0-p4 (including)	2.2.0-p4 (including)
Checkmk	Tribe29	2.2.0-p5 (including)	2.2.0-p5 (including)
Check-mk	Ubuntu	bionic	*
Check-mk	Ubuntu	trusty	*
Check-mk	Ubuntu	xenial	*

Potential Mitigations

References

https://checkmk.com/werk/16163

NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-6740
CWE	https://cwe.mitre.org/data/definitions/269.html

Improper Privilege Management

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References