Invocation of Process Using Visible Sensitive Information

CVE-2024-1742

Low

3.8/10

Summary

Invocation of the sqlplus command with sensitive information in the command line in the mk_oracle Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows the extraction of this information from the process list.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: NONE
Scope: CHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-214 - Invocation of Process Using Visible Sensitive Information

A process is invoked with sensitive command-line arguments, environment variables, or other elements that can be seen by other processes on the operating system.

References

Advisory Timeline

Published Mar 22, 2024

Invocation of Process Using Visible Sensitive Information

CVE-2024-1742

Summary

CWE-214 - Invocation of Process Using Visible Sensitive Information

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS