Host Secret Disclosure in Checkmk Agent Updater Log File

Host Secret Disclosure in Checkmk Agent Updater Log File

CVE-2022-48319 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Sensitive host secret disclosed in cmk-update-agent.log file in Tribe29's Checkmk <= 2.1.0p13, Checkmk <= 2.0.0p29, and all versions of Checkmk 1.6.0 (EOL) allows an attacker to gain access to the host secret through the unprotected agent updater log file.

Learn more about our Web Application Penetration Testing UK.