{"id":"CVE-2021-40905","details":"The web management console of CheckMK Enterprise Edition (versions 1.5.0 to 2.0.0p9) does not properly sanitise the uploading of \".mkp\" files, which are Extension Packages, making remote code execution possible. Successful exploitation requires access to the web management interface, either with valid credentials or with a hijacked session of a user with administrator role. NOTE: the vendor states that this is the intended behavior: admins are supposed to be able to execute code in this manner","modified":"2026-04-10T04:38:07.330921Z","published":"2022-03-25T23:15:08.237Z","references":[{"type":"WEB","url":"http://checkmk.com"},{"type":"EVIDENCE","url":"https://github.com/Edgarloyola/CVE-2021-40905"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/checkmk/checkmk","events":[{"introduced":"0"},{"last_affected":"a08e390df0ae711bbee6fbdd0d32da1452918ae3"},{"introduced":"0"},{"last_affected":"a21f44d5ed8ad8c40784e6c68faf597d7e45a949"},{"introduced":"0"},{"last_affected":"6d2dbf92cfa5a81748474d25c363580149b0f2f1"},{"introduced":"0"},{"last_affected":"715a3481d11141310265e2144e29271bfb4e6ef2"},{"introduced":"0"},{"last_affected":"3097f9c57877fe7651d8c2a46e648a28cf920ed6"},{"introduced":"0"},{"last_affected":"81ef39b47302619a5b4ff268a9cd0576b75e7bcb"},{"introduced":"0"},{"last_affected":"a95de6e2902e809b0fe81105b56977603d9fb240"},{"introduced":"0"},{"last_affected":"3a98f74ec242670d49ac7fec02d99fe98473500a"},{"introduced":"0"},{"last_affected":"b23e1322930e36d532c7a4d339221681debad59b"},{"introduced":"0"},{"last_affected":"a21f44d5ed8ad8c40784e6c68faf597d7e45a949"},{"introduced":"0"},{"last_affected":"a21f44d5ed8ad8c40784e6c68faf597d7e45a949"},{"introduced":"0"},{"last_affected":"df41d340f4846d8c56fc59dc66aa75eea1982267"},{"introduced":"0"},{"last_affected":"684d45dd10dc01d4c8832a57143e01f99648935c"},{"introduced":"0"},{"last_affected":"732c7bf20e0494dab8adf1bcd33050c12152953a"},{"introduced":"0"},{"last_affected":"a7e983abbae3f5e5e76597fcf514f27496c6b8af"},{"introduced":"0"},{"last_affected":"9a6a31d750f2ce84318fb060edc2ce773e6ff40f"},{"introduced":"0"},{"last_affected":"3e6d79677aeebabb6ba079026a06736b5ce6ece1"},{"introduced":"0"},{"last_affected":"6eb3b5bc4955858e31cdfb55d54dd73596fda235"},{"introduced":"0"},{"last_affected":"8b5aced3bb5522033e47d88084ca781a8564a988"},{"introduced":"0"},{"last_affected":"6d2dbf92cfa5a81748474d25c363580149b0f2f1"},{"introduced":"0"},{"last_affected":"715a3481d11141310265e2144e29271bfb4e6ef2"},{"introduced":"0"},{"last_affected":"3097f9c57877fe7651d8c2a46e648a28cf920ed6"},{"introduced":"0"},{"last_affected":"81ef39b47302619a5b4ff268a9cd0576b75e7bcb"},{"introduced":"0"},{"last_affected":"a95de6e2902e809b0fe81105b56977603d9fb240"},{"introduced":"0"},{"last_affected":"3a98f74ec242670d49ac7fec02d99fe98473500a"},{"introduced":"0"},{"last_affected":"b23e1322930e36d532c7a4d339221681debad59b"},{"introduced":"0"},{"last_affected":"966a84e7fae45f25cc63150a256dc4df3907c9b0"},{"introduced":"adf02f46678361844d794effb70eeca27c268548"},{"fixed":"a08e390df0ae711bbee6fbdd0d32da1452918ae3"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.0.0-NA"},{"introduced":"0"},{"last_affected":"2.0.0-b1"},{"introduced":"0"},{"last_affected":"2.0.0-b2"},{"introduced":"0"},{"last_affected":"2.0.0-b3"},{"introduced":"0"},{"last_affected":"2.0.0-b4"},{"introduced":"0"},{"last_affected":"2.0.0-b5"},{"introduced":"0"},{"last_affected":"2.0.0-b6"},{"introduced":"0"},{"last_affected":"2.0.0-b7"},{"introduced":"0"},{"last_affected":"2.0.0-b8"},{"introduced":"0"},{"last_affected":"2.0.0-i1"},{"introduced":"0"},{"last_affected":"2.0.0-p1"},{"introduced":"0"},{"last_affected":"2.0.0-p10"},{"introduced":"0"},{"last_affected":"2.0.0-p11"},{"introduced":"0"},{"last_affected":"2.0.0-p12"},{"introduced":"0"},{"last_affected":"2.0.0-p13"},{"introduced":"0"},{"last_affected":"2.0.0-p14"},{"introduced":"0"},{"last_affected":"2.0.0-p15"},{"introduced":"0"},{"last_affected":"2.0.0-p16"},{"introduced":"0"},{"last_affected":"2.0.0-p17"},{"introduced":"0"},{"last_affected":"2.0.0-p2"},{"introduced":"0"},{"last_affected":"2.0.0-p3"},{"introduced":"0"},{"last_affected":"2.0.0-p4"},{"introduced":"0"},{"last_affected":"2.0.0-p5"},{"introduced":"0"},{"last_affected":"2.0.0-p6"},{"introduced":"0"},{"last_affected":"2.0.0-p7"},{"introduced":"0"},{"last_affected":"2.0.0-p8"},{"introduced":"0"},{"last_affected":"2.0.0-p9"},{"introduced":"1.5.0"},{"fixed":"2.0.0"}]}}],"versions":["1.1.0beta17","v1.1.0","v1.1.10","v1.1.10b1","v1.1.10b2","v1.1.11i1","v1.1.11i2","v1.1.11i3","v1.1.13i2","v1.1.13i3","v1.1.2","v1.1.3","v1.1.4","v1.1.6","v1.1.6b2","v1.1.7i2","v1.1.7i3","v1.1.7i4","v1.1.7i5","v1.1.8","v1.1.8b1","v1.1.8b2","v1.1.8b3","v1.1.9i1","v1.1.9i3","v1.1.9i4","v1.1.9i5","v1.1.9i7","v1.1.9i8","v1.1.9i9","v1.2.0b2","v1.2.0b3","v1.2.0b4","v1.2.0p1","v1.2.1i5","v1.2.3i4","v1.2.3i5","v1.2.3i6","v1.2.5i1","v1.2.5i6","v1.4.0i1","v1.4.0i2","v1.4.0i3","v1.5.0i1","v1.5.0i2","v1.5.0i3","v1.6.0b1","v2.0.0","v2.0.0b1","v2.0.0b2","v2.0.0b3","v2.0.0b4","v2.0.0b5","v2.0.0b6","v2.0.0b7","v2.0.0i1","v2.0.0p1","v2.0.0p10","v2.0.0p11","v2.0.0p12","v2.0.0p13","v2.0.0p14","v2.0.0p15","v2.0.0p16","v2.0.0p17","v2.0.0p3","v2.0.0p4","v2.0.0p5","v2.0.0p6","v2.0.0p7","v2.0.0p8","v2.0.0p9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-40905.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}