What is the severity of CVE-2024-28826?

CVE-2024-28826 has a high severity rating due to its potential to allow unauthorized file access on the Checkmk site server.

How do I fix CVE-2024-28826?

To fix CVE-2024-28826, upgrade to Checkmk version 2.3.0p4, 2.2.0p27, or 2.1.0p44 or a later version.

What type of vulnerability is CVE-2024-28826?

CVE-2024-28826 is classified as a privilege escalation vulnerability affecting configuration settings.

Who is affected by CVE-2024-28826?

CVE-2024-28826 affects users of Checkmk versions prior to 2.3.0p4, 2.2.0p27, and 2.1.0p44.

What does CVE-2024-28826 allow attackers to do?

CVE-2024-28826 allows attackers with sufficient permissions to read and write local files on the Checkmk site server.

Vulnerability/
CVE-2024-28826

high

8.8

CWE

73 610

29/5/2024

4/12/2024

CVE-2024-28826: Unrestricted upload and download paths in check_sftp

First published: Wed May 29 2024(Updated: )

Improper restriction of local upload and download paths in check_sftp in Checkmk before 2.3.0p4, 2.2.0p27, 2.1.0p44, and in Checkmk 2.0.0 (EOL) allows attackers with sufficient permissions to configure the check to read and write local files on the Checkmk site server.

Credit: security@checkmk.com

Affected Software	Affected Version	How to fix
Checkmk NagVis	<=2.0.0
Checkmk NagVis	=2.1.0
Checkmk NagVis	=2.1.0-b1
Checkmk NagVis	=2.1.0-b2
Checkmk NagVis	=2.1.0-b3
Checkmk NagVis	=2.1.0-b4
Checkmk NagVis	=2.1.0-b5
Checkmk NagVis	=2.1.0-b6
Checkmk NagVis	=2.1.0-b7
Checkmk NagVis	=2.1.0-b8
Checkmk NagVis	=2.1.0-b9
Checkmk NagVis	=2.1.0-p1
Checkmk NagVis	=2.1.0-p10
Checkmk NagVis	=2.1.0-p11
Checkmk NagVis	=2.1.0-p12
Checkmk NagVis	=2.1.0-p13
Checkmk NagVis	=2.1.0-p14
Checkmk NagVis	=2.1.0-p15
Checkmk NagVis	=2.1.0-p16
Checkmk NagVis	=2.1.0-p17
Checkmk NagVis	=2.1.0-p18
Checkmk NagVis	=2.1.0-p19
Checkmk NagVis	=2.1.0-p2
Checkmk NagVis	=2.1.0-p20
Checkmk NagVis	=2.1.0-p21
Checkmk NagVis	=2.1.0-p22
Checkmk NagVis	=2.1.0-p23
Checkmk NagVis	=2.1.0-p24
Checkmk NagVis	=2.1.0-p25
Checkmk NagVis	=2.1.0-p26
Checkmk NagVis	=2.1.0-p27
Checkmk NagVis	=2.1.0-p28
Checkmk NagVis	=2.1.0-p29
Checkmk NagVis	=2.1.0-p3
Checkmk NagVis	=2.1.0-p30
Checkmk NagVis	=2.1.0-p31
Checkmk NagVis	=2.1.0-p32
Checkmk NagVis	=2.1.0-p33
Checkmk NagVis	=2.1.0-p34
Checkmk NagVis	=2.1.0-p35
Checkmk NagVis	=2.1.0-p36
Checkmk NagVis	=2.1.0-p37
Checkmk NagVis	=2.1.0-p38
Checkmk NagVis	=2.1.0-p39
Checkmk NagVis	=2.1.0-p4
Checkmk NagVis	=2.1.0-p40
Checkmk NagVis	=2.1.0-p41
Checkmk NagVis	=2.1.0-p42
Checkmk NagVis	=2.1.0-p43
Checkmk NagVis	=2.1.0-p5
Checkmk NagVis	=2.1.0-p6
Checkmk NagVis	=2.1.0-p7
Checkmk NagVis	=2.1.0-p8
Checkmk NagVis	=2.1.0-p9
Checkmk NagVis	=2.2.0
Checkmk NagVis	=2.2.0-b1
Checkmk NagVis	=2.2.0-b2
Checkmk NagVis	=2.2.0-b3
Checkmk NagVis	=2.2.0-b4
Checkmk NagVis	=2.2.0-b5
Checkmk NagVis	=2.2.0-b6
Checkmk NagVis	=2.2.0-b7
Checkmk NagVis	=2.2.0-b8
Checkmk NagVis	=2.2.0-i1
Checkmk NagVis	=2.2.0-p1
Checkmk NagVis	=2.2.0-p10
Checkmk NagVis	=2.2.0-p11
Checkmk NagVis	=2.2.0-p12
Checkmk NagVis	=2.2.0-p13
Checkmk NagVis	=2.2.0-p14
Checkmk NagVis	=2.2.0-p15
Checkmk NagVis	=2.2.0-p16
Checkmk NagVis	=2.2.0-p17
Checkmk NagVis	=2.2.0-p18
Checkmk NagVis	=2.2.0-p19
Checkmk NagVis	=2.2.0-p2
Checkmk NagVis	=2.2.0-p20
Checkmk NagVis	=2.2.0-p21
Checkmk NagVis	=2.2.0-p22
Checkmk NagVis	=2.2.0-p23
Checkmk NagVis	=2.2.0-p24
Checkmk NagVis	=2.2.0-p25
Checkmk NagVis	=2.2.0-p26
Checkmk NagVis	=2.2.0-p3
Checkmk NagVis	=2.2.0-p4
Checkmk NagVis	=2.2.0-p5
Checkmk NagVis	=2.2.0-p6
Checkmk NagVis	=2.2.0-p7
Checkmk NagVis	=2.2.0-p8
Checkmk NagVis	=2.2.0-p9
Checkmk NagVis	=2.3.0
Checkmk NagVis	=2.3.0-b1
Checkmk NagVis	=2.3.0-b2
Checkmk NagVis	=2.3.0-b3
Checkmk NagVis	=2.3.0-b4
Checkmk NagVis	=2.3.0-b5
Checkmk NagVis	=2.3.0-b6
Checkmk NagVis	=2.3.0-p1
Checkmk NagVis	=2.3.0-p2
Checkmk NagVis	=2.3.0-p3

Never miss a vulnerability like this again

Reference Links

https://checkmk.com/werk/15200

Frequently Asked Questions

What is the severity of CVE-2024-28826?
CVE-2024-28826 has a high severity rating due to its potential to allow unauthorized file access on the Checkmk site server.
How do I fix CVE-2024-28826?
To fix CVE-2024-28826, upgrade to Checkmk version 2.3.0p4, 2.2.0p27, or 2.1.0p44 or a later version.
What type of vulnerability is CVE-2024-28826?
CVE-2024-28826 is classified as a privilege escalation vulnerability affecting configuration settings.
Who is affected by CVE-2024-28826?
CVE-2024-28826 affects users of Checkmk versions prior to 2.3.0p4, 2.2.0p27, and 2.1.0p44.
What does CVE-2024-28826 allow attackers to do?
CVE-2024-28826 allows attackers with sufficient permissions to read and write local files on the Checkmk site server.

agent/title
agent/references
agent/first-publish-date
agent/type
agent/description
agent/author
agent/event
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/severity
agent/weakness
agent/softwarecombine
agent/source
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/checkmk
canonical/checkmk nagvis
version/checkmk nagvis/2.0.0
version/checkmk nagvis/2.1.0
version/checkmk nagvis/2.1.0-b1
version/checkmk nagvis/2.1.0-b2
version/checkmk nagvis/2.1.0-b3
version/checkmk nagvis/2.1.0-b4
version/checkmk nagvis/2.1.0-b5
version/checkmk nagvis/2.1.0-b6
version/checkmk nagvis/2.1.0-b7
version/checkmk nagvis/2.1.0-b8
version/checkmk nagvis/2.1.0-b9
version/checkmk nagvis/2.1.0-p1
version/checkmk nagvis/2.1.0-p10
version/checkmk nagvis/2.1.0-p11
version/checkmk nagvis/2.1.0-p12
version/checkmk nagvis/2.1.0-p13
version/checkmk nagvis/2.1.0-p14
version/checkmk nagvis/2.1.0-p15
version/checkmk nagvis/2.1.0-p16
version/checkmk nagvis/2.1.0-p17
version/checkmk nagvis/2.1.0-p18
version/checkmk nagvis/2.1.0-p19
version/checkmk nagvis/2.1.0-p2
version/checkmk nagvis/2.1.0-p20
version/checkmk nagvis/2.1.0-p21
version/checkmk nagvis/2.1.0-p22
version/checkmk nagvis/2.1.0-p23
version/checkmk nagvis/2.1.0-p24
version/checkmk nagvis/2.1.0-p25
version/checkmk nagvis/2.1.0-p26
version/checkmk nagvis/2.1.0-p27
version/checkmk nagvis/2.1.0-p28
version/checkmk nagvis/2.1.0-p29
version/checkmk nagvis/2.1.0-p3
version/checkmk nagvis/2.1.0-p30
version/checkmk nagvis/2.1.0-p31
version/checkmk nagvis/2.1.0-p32
version/checkmk nagvis/2.1.0-p33
version/checkmk nagvis/2.1.0-p34
version/checkmk nagvis/2.1.0-p35
version/checkmk nagvis/2.1.0-p36
version/checkmk nagvis/2.1.0-p37
version/checkmk nagvis/2.1.0-p38
version/checkmk nagvis/2.1.0-p39
version/checkmk nagvis/2.1.0-p4
version/checkmk nagvis/2.1.0-p40
version/checkmk nagvis/2.1.0-p41
version/checkmk nagvis/2.1.0-p42
version/checkmk nagvis/2.1.0-p43
version/checkmk nagvis/2.1.0-p5
version/checkmk nagvis/2.1.0-p6
version/checkmk nagvis/2.1.0-p7
version/checkmk nagvis/2.1.0-p8
version/checkmk nagvis/2.1.0-p9
version/checkmk nagvis/2.2.0
version/checkmk nagvis/2.2.0-b1
version/checkmk nagvis/2.2.0-b2
version/checkmk nagvis/2.2.0-b3
version/checkmk nagvis/2.2.0-b4
version/checkmk nagvis/2.2.0-b5
version/checkmk nagvis/2.2.0-b6
version/checkmk nagvis/2.2.0-b7
version/checkmk nagvis/2.2.0-b8
version/checkmk nagvis/2.2.0-i1
version/checkmk nagvis/2.2.0-p1
version/checkmk nagvis/2.2.0-p10
version/checkmk nagvis/2.2.0-p11
version/checkmk nagvis/2.2.0-p12
version/checkmk nagvis/2.2.0-p13
version/checkmk nagvis/2.2.0-p14
version/checkmk nagvis/2.2.0-p15
version/checkmk nagvis/2.2.0-p16
version/checkmk nagvis/2.2.0-p17
version/checkmk nagvis/2.2.0-p18
version/checkmk nagvis/2.2.0-p19
version/checkmk nagvis/2.2.0-p2
version/checkmk nagvis/2.2.0-p20
version/checkmk nagvis/2.2.0-p21
version/checkmk nagvis/2.2.0-p22
version/checkmk nagvis/2.2.0-p23
version/checkmk nagvis/2.2.0-p24
version/checkmk nagvis/2.2.0-p25
version/checkmk nagvis/2.2.0-p26
version/checkmk nagvis/2.2.0-p3
version/checkmk nagvis/2.2.0-p4
version/checkmk nagvis/2.2.0-p5
version/checkmk nagvis/2.2.0-p6
version/checkmk nagvis/2.2.0-p7
version/checkmk nagvis/2.2.0-p8
version/checkmk nagvis/2.2.0-p9
version/checkmk nagvis/2.3.0
version/checkmk nagvis/2.3.0-b1
version/checkmk nagvis/2.3.0-b2
version/checkmk nagvis/2.3.0-b3
version/checkmk nagvis/2.3.0-b4
version/checkmk nagvis/2.3.0-b5
version/checkmk nagvis/2.3.0-b6
version/checkmk nagvis/2.3.0-p1
version/checkmk nagvis/2.3.0-p2
version/checkmk nagvis/2.3.0-p3