First published: Mon Nov 27 2023(Updated: )
Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance before 1.6.8 allows local attacker to retrieve passwords via reading log files.
Credit: security@checkmk.com
Affected Software | Affected Version | How to fix |
---|---|---|
Tribe29 Checkmk Appliance Firmware | <1.6.8 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-6287 is a vulnerability that allows a local attacker to retrieve passwords via reading log files in Tribe29 Checkmk Appliance before version 1.6.8.
The severity of CVE-2023-6287 is medium, with a CVSS score of 5.5.
CVE-2023-6287 affects Tribe29 Checkmk Appliance firmware versions up to exclusive version 1.6.8.
A local attacker can exploit CVE-2023-6287 by reading log files on the Checkmk Appliance to retrieve sensitive passwords.
Yes, upgrading Tribe29 Checkmk Appliance firmware to version 1.6.8 or later will fix the CVE-2023-6287 vulnerability.