icon

We found results for “

CVE-2024-38865

Good to know:

icon

Date: April 10, 2025

Improper neutralization of livestatus command delimiters in a specific endpoint within RestAPI of Checkmk prior to 2.2.0p39, 2.3.0p25, and 2.1.0p51 (EOL) allows arbitrary livestatus command execution. Exploitation requires the attacker to have a contact group assigned to their user account and for an event to originate from a host with the same contact group or from an event generated with an unknown host.

Severity Score

Severity Score

Weakness Type (CWE)

Improper Neutralization of Delimiters

CWE-140

Top Fix

icon

Upgrade Version

Upgrade to version https://github.com/Checkmk/checkmk.git - v2.2.0p39;https://github.com/Checkmk/checkmk.git - v2.3.0p25

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH

Do you need more information?

Contact Us