Least Privilege Violation

CVE-2024-28829

Medium

5.2/10

Summary

Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2.3.0p12, 2.2.0p32, 2.1.0p47 and 2.0.0 (EOL) allows local users to escalate privileges.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-272 - Least Privilege Violation

The elevated privilege level required to perform operations such as chroot() should be dropped immediately after the operation is performed.

References

Advisory Timeline

Published Aug 20, 2024

Least Privilege Violation

CVE-2024-28829

Summary

CWE-272 - Least Privilege Violation

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS