{ "affected": [ { "ranges": [ { "database_specific": { "versions": [ { "introduced": "0" }, { "last_affected": "2.0.0-NA" }, { "introduced": "0" }, { "last_affected": "2.0.0-b1" }, { "introduced": "0" }, { "last_affected": "2.0.0-b2" }, { "introduced": "0" }, { "last_affected": "2.0.0-b3" }, { "introduced": "0" }, { "last_affected": "2.0.0-b4" }, { "introduced": "0" }, { "last_affected": "2.0.0-b5" }, { "introduced": "0" }, { "last_affected": "2.0.0-b6" }, { "introduced": "0" }, { "last_affected": "2.0.0-b7" }, { "introduced": "0" }, { "last_affected": "2.0.0-b8" }, { "introduced": "0" }, { "last_affected": "2.0.0-i1" }, { "introduced": "0" }, { "last_affected": "2.0.0-p1" }, { "introduced": "0" }, { "last_affected": "2.0.0-p10" }, { "introduced": "0" }, { "last_affected": "2.0.0-p11" }, { "introduced": "0" }, { "last_affected": "2.0.0-p12" }, { "introduced": "0" }, { "last_affected": "2.0.0-p13" }, { "introduced": "0" }, { "last_affected": "2.0.0-p14" }, { "introduced": "0" }, { "last_affected": "2.0.0-p15" }, { "introduced": "0" }, { "last_affected": "2.0.0-p16" }, { "introduced": "0" }, { "last_affected": "2.0.0-p17" }, { "introduced": "0" }, { "last_affected": "2.0.0-p2" }, { "introduced": "0" }, { "last_affected": "2.0.0-p3" }, { "introduced": "0" }, { "last_affected": "2.0.0-p4" }, { "introduced": "0" }, { "last_affected": "2.0.0-p5" }, { "introduced": "0" }, { "last_affected": "2.0.0-p6" }, { "introduced": "0" }, { "last_affected": "2.0.0-p7" }, { "introduced": "0" }, { "last_affected": "2.0.0-p8" }, { "introduced": "0" }, { "last_affected": "2.0.0-p9" }, { "introduced": "1.5.0" }, { "fixed": "2.0.0" } ] }, "events": [ { "introduced": "0" }, { "last_affected": "a08e390df0ae711bbee6fbdd0d32da1452918ae3" }, { "introduced": "0" }, { "last_affected": "a21f44d5ed8ad8c40784e6c68faf597d7e45a949" }, { "introduced": "0" }, { "last_affected": "6d2dbf92cfa5a81748474d25c363580149b0f2f1" }, { "introduced": "0" }, { "last_affected": "715a3481d11141310265e2144e29271bfb4e6ef2" }, { "introduced": "0" }, { "last_affected": "3097f9c57877fe7651d8c2a46e648a28cf920ed6" }, { "introduced": "0" }, { "last_affected": "81ef39b47302619a5b4ff268a9cd0576b75e7bcb" }, { "introduced": "0" }, { "last_affected": "a95de6e2902e809b0fe81105b56977603d9fb240" }, { "introduced": "0" }, { "last_affected": "3a98f74ec242670d49ac7fec02d99fe98473500a" }, { "introduced": "0" }, { "last_affected": "b23e1322930e36d532c7a4d339221681debad59b" }, { "introduced": "0" }, { "last_affected": "a21f44d5ed8ad8c40784e6c68faf597d7e45a949" }, { "introduced": "0" }, { "last_affected": "a21f44d5ed8ad8c40784e6c68faf597d7e45a949" }, { "introduced": "0" }, { "last_affected": "df41d340f4846d8c56fc59dc66aa75eea1982267" }, { "introduced": "0" }, { "last_affected": "684d45dd10dc01d4c8832a57143e01f99648935c" }, { "introduced": "0" }, { "last_affected": "732c7bf20e0494dab8adf1bcd33050c12152953a" }, { "introduced": "0" }, { "last_affected": "a7e983abbae3f5e5e76597fcf514f27496c6b8af" }, { "introduced": "0" }, { "last_affected": "9a6a31d750f2ce84318fb060edc2ce773e6ff40f" }, { "introduced": "0" }, { "last_affected": "3e6d79677aeebabb6ba079026a06736b5ce6ece1" }, { "introduced": "0" }, { "last_affected": "6eb3b5bc4955858e31cdfb55d54dd73596fda235" }, { "introduced": "0" }, { "last_affected": "8b5aced3bb5522033e47d88084ca781a8564a988" }, { "introduced": "0" }, { "last_affected": "6d2dbf92cfa5a81748474d25c363580149b0f2f1" }, { "introduced": "0" }, { "last_affected": "715a3481d11141310265e2144e29271bfb4e6ef2" }, { "introduced": "0" }, { "last_affected": "3097f9c57877fe7651d8c2a46e648a28cf920ed6" }, { "introduced": "0" }, { "last_affected": "81ef39b47302619a5b4ff268a9cd0576b75e7bcb" }, { "introduced": "0" }, { "last_affected": "a95de6e2902e809b0fe81105b56977603d9fb240" }, { "introduced": "0" }, { "last_affected": "3a98f74ec242670d49ac7fec02d99fe98473500a" }, { "introduced": "0" }, { "last_affected": "b23e1322930e36d532c7a4d339221681debad59b" }, { "introduced": "0" }, { "last_affected": "966a84e7fae45f25cc63150a256dc4df3907c9b0" }, { "introduced": "adf02f46678361844d794effb70eeca27c268548" }, { "fixed": "a08e390df0ae711bbee6fbdd0d32da1452918ae3" } ], "repo": "https://github.com/checkmk/checkmk", "type": "GIT" } ] } ], "details": "The web management console of CheckMK Enterprise Edition (versions 1.5.0 to 2.0.0p9) does not properly sanitise the uploading of \".mkp\" files, which are Extension Packages, making remote code execution possible. Successful exploitation requires access to the web management interface, either with valid credentials or with a hijacked session of a user with administrator role. NOTE: the vendor states that this is the intended behavior: admins are supposed to be able to execute code in this manner", "id": "CVE-2021-40905", "modified": "2026-03-13T21:52:58.429189550Z", "published": "2022-03-25T23:15:08.237Z", "references": [ { "type": "WEB", "url": "http://checkmk.com" }, { "type": "EVIDENCE", "url": "https://github.com/Edgarloyola/CVE-2021-40905" } ], "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }