Least Privilege Violation

CVE-2024-28824

High

8.8/10

Summary

Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows local users to escalate privileges.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: CHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-272 - Least Privilege Violation

The elevated privilege level required to perform operations such as chroot() should be dropped immediately after the operation is performed.

References

Advisory Timeline

Published Mar 22, 2024

Least Privilege Violation

CVE-2024-28824

Summary

CWE-272 - Least Privilege Violation

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS