IT monitoring: Checkmk closes gap that allows files to be modified

A security vulnerability in the Checkmk monitoring software allows attackers to read and write local files on the Checkmk server without authorization.


A security vulnerability in the Checkmk monitoring software narrowly misses being classified as a critical risk. It allows attackers to read and write local files on the Checkmk server without authorization.

The manufacturer Checkmk warns of the vulnerability in a security notice. The check_sftp function did not restrict the local paths of files being uploaded or downloaded. This allowed malicious actors with the rights to configure check_sftp to read or write files within the Checkmk site without authorization. The CVE entry CVE-2024-28826 has now been created for this. The developers classify the severity as high risk with a CVSS value of 8.8.

The bug affects Checkmk Raw, the Community Edition of the monitoring software, in versions 2.3.0, 2.2.0, 2.1.0 and 2.0.0, the last of which has already reached end of life. The Checkmk versions 2.4.0b1, 2.3.0p4, 2.2.0p27 and 2.1.0p44 contain corrections that eliminate the security-relevant error. The programmers explain that the program code now limits local paths to the var/check_mk/active_checks/check_sftp folder within the Checkmk site. As a result, files end up in a new location.
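The confinement the fix describes, as an added illustration (not Checkmk's own code): a user-supplied local file name is resolved against the permitted folder and rejected if the resolved path leaves it. The site root and file names are assumptions; a naive prefix comparison is shown alongside to make clear why the resolved-path check is needed.

```python
from pathlib import Path

# Assumed site layout (constructed values, not taken from Checkmk): a site root
# and the folder the fix confines check_sftp local paths to.
SITE_ROOT = Path("/omd/sites/mysite")
ALLOWED_DIR = SITE_ROOT / "var" / "check_mk" / "active_checks" / "check_sftp"


def confine_local_path(user_path: str, base: Path = ALLOWED_DIR) -> Path:
    """Return the absolute path inside `base` for a user-supplied local file name.

    Raises ValueError when the supplied path would escape `base`, whether via an
    absolute path, `..` components, a symlink, or a sibling directory that merely
    shares the textual prefix.
    """
    base_resolved = base.resolve()
    # Path("/base") / "/etc/passwd" yields "/etc/passwd", and resolve() collapses
    # ".." and follows symlinks, so the containment test sees the real target.
    candidate = (base_resolved / user_path).resolve()
    try:
        candidate.relative_to(base_resolved)
    except ValueError:
        raise ValueError(f"local path escapes {base_resolved}: {user_path!r}") from None
    return candidate


def is_allowed_local_path(user_path: str, base: Path = ALLOWED_DIR) -> bool:
    """Boolean wrapper around confine_local_path()."""
    try:
        confine_local_path(user_path, base)
    except ValueError:
        return False
    return True


def naive_prefix_check(user_path: str, base: Path = ALLOWED_DIR) -> bool:
    """Textual prefix test that looks right but accepts sibling directories
    such as .../active_checks/check_sftp_other/."""
    candidate = (base / user_path).resolve()
    return str(candidate).startswith(str(base.resolve()))


if __name__ == "__main__":
    # Constructed inputs: the first two stay inside the folder, the rest try to escape.
    for p in ("upload.txt", "sub/report.txt", "/etc/passwd",
              "../../../../../../../../etc/passwd", "../check_sftp_other/x"):
        print(f"{p!r:40} allowed={is_allowed_local_path(p)} naive={naive_prefix_check(p)}")
```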


The problem was noticed during internal code checks; it was not reported by external IT researchers. Given the risk classification, which only just misses critical status, admins who use Checkmk should download and install the updated software quickly.

The developers had already fixed three security vulnerabilities in Checkmk plug-ins in March. Two of these were classified as high risk.

(dmk)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.