CVE-2022-48317 — MEDIUM (5.6)

Q: How severe is CVE-2022-48317?

CVE-2022-48317 has been rated MEDIUM with a CVSS base score of 5.6/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-48317?

Check the references section above for vendor advisories and patch information. Affected products include: Checkmk Checkmk.

Vulnerability Description

Expired sessions were not securely terminated in the RestAPI for Tribe29's Checkmk <= 2.1.0p10 and Checkmk <= 2.0.0p28 allowing an attacker to use expired session tokens when communicating with the RestAPI.

CVSS Score

5.6

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Checkmk	Checkmk	2.1.0

Related Weaknesses (CWE)

CWE-613

References

https://checkmk.com/werk/14485Vendor Advisory
https://checkmk.com/werk/14485Vendor Advisory

FAQ

What is CVE-2022-48317?

CVE-2022-48317 is a vulnerability with a CVSS score of 5.6 (MEDIUM). Expired sessions were not securely terminated in the RestAPI for Tribe29's Checkmk <= 2.1.0p10 and Checkmk <= 2.0.0p28 allowing an attacker to use expired session tokens when communicating with the Re...

How severe is CVE-2022-48317?

CVE-2022-48317 has been rated MEDIUM with a CVSS base score of 5.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-48317?

Check the references section above for vendor advisories and patch information. Affected products include: Checkmk Checkmk.