Insecure Termination of Expired Sessions in Tribe29's Checkmk RestAPI

Insecure Termination of Expired Sessions in Tribe29's Checkmk RestAPI

CVE-2022-48317 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Expired sessions were not securely terminated in the RestAPI for Tribe29's Checkmk <= 2.1.0p10 and Checkmk <= 2.0.0p28 allowing an attacker to use expired session tokens when communicating with the RestAPI.

Learn more about our Api Penetration Testing.