What is CVE-2022-48321?

CVE-2022-48321 is a vulnerability in Tribe29's Checkmk <= 2.1.0p11 that allows an attacker to communicate with local network restricted endpoints by using the host registration API.

What is the severity of CVE-2022-48321?

CVE-2022-48321 has a severity rating of 7.8, which is classified as high.

How does CVE-2022-48321 affect Tribe29 Checkmk?

CVE-2022-48321 affects Tribe29 Checkmk versions 2.1.0 to 2.1.0p11, including the beta versions.

How can an attacker exploit CVE-2022-48321?

An attacker can exploit CVE-2022-48321 by performing a limited Server-Side Request Forgery (SSRF) in the agent-receiver component of Tribe29 Checkmk, allowing them to communicate with restricted local network endpoints.

Is there a fix for CVE-2022-48321?

Yes, there is a fix available for CVE-2022-48321. Users should update to Checkmk version 2.1.0p12 or a later version to mitigate the vulnerability.

Vulnerability/
CVE-2022-48321

high

7.8

CWE

918 20

20/2/2023

3/8/2024

CVE-2022-48321: SSRF in agent-receiver API

Q: What is the severity of CVE-2022-48321?

CVE-2022-48321 has a severity rating of 7.8, which is classified as high.

Q: How does CVE-2022-48321 affect Tribe29 Checkmk?

CVE-2022-48321 affects Tribe29 Checkmk versions 2.1.0 to 2.1.0p11, including the beta versions.

Q: How can an attacker exploit CVE-2022-48321?

An attacker can exploit CVE-2022-48321 by performing a limited Server-Side Request Forgery (SSRF) in the agent-receiver component of Tribe29 Checkmk, allowing them to communicate with restricted local network endpoints.

Q: Is there a fix for CVE-2022-48321?

Yes, there is a fix available for CVE-2022-48321. Users should update to Checkmk version 2.1.0p12 or a later version to mitigate the vulnerability.

First published: Mon Feb 20 2023(Updated: )

Limited Server-Side Request Forgery (SSRF) in agent-receiver in Tribe29's Checkmk <= 2.1.0p11 allows an attacker to communicate with local network restricted endpoints by use of the host registration API.

Credit: security@checkmk.com security@checkmk.com

Affected Software	Affected Version	How to fix
Tribe29 Checkmk	=2.1.0
Tribe29 Checkmk	=2.1.0-b1
Tribe29 Checkmk	=2.1.0-b2
Tribe29 Checkmk	=2.1.0-b3
Tribe29 Checkmk	=2.1.0-b4
Tribe29 Checkmk	=2.1.0-b5
Tribe29 Checkmk	=2.1.0-b6
Tribe29 Checkmk	=2.1.0-b7
Tribe29 Checkmk	=2.1.0-b8
Tribe29 Checkmk	=2.1.0-b9
Tribe29 Checkmk	=2.1.0-p1
Tribe29 Checkmk	=2.1.0-p10
Tribe29 Checkmk	=2.1.0-p11
Tribe29 Checkmk	=2.1.0-p2
Tribe29 Checkmk	=2.1.0-p3
Tribe29 Checkmk	=2.1.0-p4
Tribe29 Checkmk	=2.1.0-p5
Tribe29 Checkmk	=2.1.0-p6
Tribe29 Checkmk	=2.1.0-p7
Tribe29 Checkmk	=2.1.0-p8
Tribe29 Checkmk	=2.1.0-p9
Checkmk Checkmk	=2.1.0
Checkmk Checkmk	=2.1.0-b1
Checkmk Checkmk	=2.1.0-b2
Checkmk Checkmk	=2.1.0-b3
Checkmk Checkmk	=2.1.0-b4
Checkmk Checkmk	=2.1.0-b5
Checkmk Checkmk	=2.1.0-b6
Checkmk Checkmk	=2.1.0-b7
Checkmk Checkmk	=2.1.0-b8
Checkmk Checkmk	=2.1.0-b9
Checkmk Checkmk	=2.1.0-p1
Checkmk Checkmk	=2.1.0-p10
Checkmk Checkmk	=2.1.0-p11
Checkmk Checkmk	=2.1.0-p2
Checkmk Checkmk	=2.1.0-p3
Checkmk Checkmk	=2.1.0-p4
Checkmk Checkmk	=2.1.0-p5
Checkmk Checkmk	=2.1.0-p6
Checkmk Checkmk	=2.1.0-p7
Checkmk Checkmk	=2.1.0-p8
Checkmk Checkmk	=2.1.0-p9

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2022-48321?
CVE-2022-48321 is a vulnerability in Tribe29's Checkmk <= 2.1.0p11 that allows an attacker to communicate with local network restricted endpoints by using the host registration API.
What is the severity of CVE-2022-48321?
CVE-2022-48321 has a severity rating of 7.8, which is classified as high.
How does CVE-2022-48321 affect Tribe29 Checkmk?
CVE-2022-48321 affects Tribe29 Checkmk versions 2.1.0 to 2.1.0p11, including the beta versions.
How can an attacker exploit CVE-2022-48321?
An attacker can exploit CVE-2022-48321 by performing a limited Server-Side Request Forgery (SSRF) in the agent-receiver component of Tribe29 Checkmk, allowing them to communicate with restricted local network endpoints.
Is there a fix for CVE-2022-48321?
Yes, there is a fix available for CVE-2022-48321. Users should update to Checkmk version 2.1.0p12 or a later version to mitigate the vulnerability.

collector/nvd-index
agent/weakness
agent/author
agent/references
agent/type
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/description
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/title
agent/last-modified-date
agent/first-publish-date
agent/event
agent/tags
vendor/tribe29
canonical/tribe29 checkmk
version/tribe29 checkmk/2.1.0
version/tribe29 checkmk/2.1.0-b1
version/tribe29 checkmk/2.1.0-b2
version/tribe29 checkmk/2.1.0-b3
version/tribe29 checkmk/2.1.0-b4
version/tribe29 checkmk/2.1.0-b5
version/tribe29 checkmk/2.1.0-b6
version/tribe29 checkmk/2.1.0-b7
version/tribe29 checkmk/2.1.0-b8
version/tribe29 checkmk/2.1.0-b9
version/tribe29 checkmk/2.1.0-p1
version/tribe29 checkmk/2.1.0-p10
version/tribe29 checkmk/2.1.0-p11
version/tribe29 checkmk/2.1.0-p2
version/tribe29 checkmk/2.1.0-p3
version/tribe29 checkmk/2.1.0-p4
version/tribe29 checkmk/2.1.0-p5
version/tribe29 checkmk/2.1.0-p6
version/tribe29 checkmk/2.1.0-p7
version/tribe29 checkmk/2.1.0-p8
version/tribe29 checkmk/2.1.0-p9
vendor/checkmk
canonical/checkmk checkmk
version/checkmk checkmk/2.1.0
version/checkmk checkmk/2.1.0-b1
version/checkmk checkmk/2.1.0-b2
version/checkmk checkmk/2.1.0-b3
version/checkmk checkmk/2.1.0-b4
version/checkmk checkmk/2.1.0-b5
version/checkmk checkmk/2.1.0-b6
version/checkmk checkmk/2.1.0-b7
version/checkmk checkmk/2.1.0-b8
version/checkmk checkmk/2.1.0-b9
version/checkmk checkmk/2.1.0-p1
version/checkmk checkmk/2.1.0-p10
version/checkmk checkmk/2.1.0-p11
version/checkmk checkmk/2.1.0-p2
version/checkmk checkmk/2.1.0-p3
version/checkmk checkmk/2.1.0-p4
version/checkmk checkmk/2.1.0-p5
version/checkmk checkmk/2.1.0-p6
version/checkmk checkmk/2.1.0-p7
version/checkmk checkmk/2.1.0-p8
version/checkmk checkmk/2.1.0-p9