Livestatus injection in monitoring quicksearch

Description

Livestatus injection in the monitoring quicksearch in Checkmk <2.5.0b4 allows an authenticated attacker to inject livestatus commands via the search query due to insufficient input sanitization in search filter plugins.

Affected Products

Also Affects

Downstream vendors/products affected by this vulnerability

References

• https://checkmk.com/werk/17988(vendor-advisory)

Related News (2 articles)