{"id":"CVE-2017-14955","details":"Check_MK before 1.2.8p26 mishandles certain errors within the failed-login save feature because of a race condition, which allows remote attackers to obtain sensitive user information by reading a GUI crash report.","modified":"2026-04-11T12:05:16.114837Z","published":"2017-10-02T01:29:00.390Z","database_specific":{"unresolved_ranges":[{"cpe":"cpe:2.3:a:checkmk:checkmk:1.2.7:i4:*:*:*:*:*:*","extracted_events":[{"last_affected":"1.2.7-i4"}],"source":"CPE_FIELD"}]},"references":[{"type":"ADVISORY","url":"http://mathias-kettner.com/check_mk_werks.php?edition_id=raw&branch=1.2.8"},{"type":"ADVISORY","url":"https://mathias-kettner.de/check_mk_werks.php?werk_id=5208&HTML=yes"},{"type":"ADVISORY","url":"https://www.exploit-db.com/exploits/43021/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/checkmk/checkmk","events":[{"introduced":"0"},{"last_affected":"4dd7a3b115e8b3bae043ff01b2a81df96118f9a7"},{"last_affected":"33fa2261f4ef9cb1c0a4327e9a4bbaf53fb43d6a"},{"last_affected":"d9131e04331080fbff3e0cacc566536f3bd1179b"},{"last_affected":"061db47e87c7f7a4e4818b1d905135c71194d043"},{"last_affected":"de64256068dfa07067a91b208eba682f06dfc81d"},{"last_affected":"68d690c8ae504e017fc2ae993c74b4afe9fea130"},{"last_affected":"28db579dbd8d141783f5ac374582f308634807d3"},{"last_affected":"ff4caf934b53af5502d1e03a2a326e4b534b1dfb"},{"last_affected":"8643176d8c7d83f12156768c7f5a0f5c8ea0df87"},{"last_affected":"3cd1ad051831e3b6b8c5478f390a9da5620a6e18"},{"last_affected":"7e89fef23aa79c0542f7f32b3ff22e6539cf3348"},{"last_affected":"1f24140e46b1dabcf3702ab46f4fe7ffe06f2327"},{"last_affected":"e54ecf518508ee9c77e12508ceea3cc3b47e7f77"},{"last_affected":"ad22ba59da3345d5824012abd8a91fe7594be852"},{"last_affected":"1f21b93537c0e9429237359b53f77aa23f72b532"},{"last_affected":"b585bf6db2bac908b8800a468c98e4a8d68704dc"},{"last_affected":"bdbf9d6f199d66ead89d8b74f2cc2a0e0c52d4ca"},{"last_affected":"7587c8acc9c3c1dd4913eb832e32149c507efc66"}],"database_specific":{"cpe":["cpe:2.3:a:checkmk:checkmk:1.2.3:i6:*:*:*:*:*:*","cpe:2.3:a:checkmk:checkmk:1.2.3:i7:*:*:*:*:*:*","cpe:2.3:a:checkmk:checkmk:1.2.4:b1:*:*:*:*:*:*","cpe:2.3:a:checkmk:checkmk:1.2.5:i1:*:*:*:*:*:*","cpe:2.3:a:checkmk:checkmk:1.2.5:i2:*:*:*:*:*:*","cpe:2.3:a:checkmk:checkmk:1.2.5:i3:*:*:*:*:*:*","cpe:2.3:a:checkmk:checkmk:1.2.5:i4:*:*:*:*:*:*","cpe:2.3:a:checkmk:checkmk:1.2.5:i5:*:*:*:*:*:*","cpe:2.3:a:checkmk:checkmk:1.2.5:i6:*:*:*:*:*:*","cpe:2.3:a:checkmk:checkmk:1.2.6:b1:*:*:*:*:*:*","cpe:2.3:a:checkmk:checkmk:1.2.6:b2:*:*:*:*:*:*","cpe:2.3:a:checkmk:checkmk:1.2.6:p13:*:*:*:*:*:*","cpe:2.3:a:checkmk:checkmk:1.2.7:i1:*:*:*:*:*:*","cpe:2.3:a:checkmk:checkmk:1.2.7:i1p2:*:*:*:*:*:*","cpe:2.3:a:checkmk:checkmk:1.2.7:i2:*:*:*:*:*:*","cpe:2.3:a:checkmk:checkmk:1.2.7:i3:*:*:*:*:*:*","cpe:2.3:a:checkmk:checkmk:1.2.8:p18:*:*:*:*:*:*","cpe:2.3:a:checkmk:checkmk:1.2.8:p25:*:*:*:*:*:*"],"extracted_events":[{"introduced":"0"},{"last_affected":"1.2.3-i6"},{"last_affected":"1.2.3-i7"},{"last_affected":"1.2.4-b1"},{"last_affected":"1.2.5-i1"},{"last_affected":"1.2.5-i2"},{"last_affected":"1.2.5-i3"},{"last_affected":"1.2.5-i4"},{"last_affected":"1.2.5-i5"},{"last_affected":"1.2.5-i6"},{"last_affected":"1.2.6-b1"},{"last_affected":"1.2.6-b2"},{"last_affected":"1.2.6-p13"},{"last_affected":"1.2.7-i1"},{"last_affected":"1.2.7-i1p2"},{"last_affected":"1.2.7-i2"},{"last_affected":"1.2.7-i3"},{"last_affected":"1.2.8-p18"},{"last_affected":"1.2.8-p25"}],"source":"CPE_FIELD"}}],"versions":["1.1.0beta17","v1.1.0","v1.1.10","v1.1.10b1","v1.1.10b2","v1.1.11i1","v1.1.11i2","v1.1.11i3","v1.1.13i2","v1.1.13i3","v1.1.2","v1.1.3","v1.1.4","v1.1.6","v1.1.6b2","v1.1.7i2","v1.1.7i3","v1.1.7i4","v1.1.7i5","v1.1.8","v1.1.8b1","v1.1.8b2","v1.1.8b3","v1.1.9i1","v1.1.9i3","v1.1.9i4","v1.1.9i5","v1.1.9i7","v1.1.9i8","v1.1.9i9","v1.2.0b2","v1.2.0b3","v1.2.0b4","v1.2.0p1","v1.2.1i5","v1.2.3i4","v1.2.3i5","v1.2.3i6","v1.2.3i7","v1.2.4","v1.2.4b1","v1.2.4b2","v1.2.4b3","v1.2.4b4","v1.2.4p1","v1.2.5i1","v1.2.5i2","v1.2.5i3","v1.2.5i4","v1.2.5i5","v1.2.5i6","v1.2.6","v1.2.6b1","v1.2.6b11","v1.2.6b12","v1.2.6b2","v1.2.6b5","v1.2.6b6","v1.2.6p1","v1.2.6p11","v1.2.6p12","v1.2.6p13","v1.2.6p2","v1.2.6p3","v1.2.6p5","v1.2.6p8","v1.2.6p9","v1.2.7i1","v1.2.7i1p1","v1.2.7i1p2","v1.2.7i2","v1.2.7i3","v1.2.8","v1.2.8b1","v1.2.8b10","v1.2.8b11","v1.2.8b12","v1.2.8b13","v1.2.8b2","v1.2.8b3","v1.2.8b4","v1.2.8b5","v1.2.8b6","v1.2.8b7","v1.2.8b8","v1.2.8b9","v1.2.8p1","v1.2.8p10","v1.2.8p11","v1.2.8p12","v1.2.8p13","v1.2.8p14","v1.2.8p15","v1.2.8p16","v1.2.8p17","v1.2.8p18","v1.2.8p19","v1.2.8p2","v1.2.8p20","v1.2.8p21","v1.2.8p22","v1.2.8p23","v1.2.8p24","v1.2.8p25","v1.2.8p3","v1.2.8p4","v1.2.8p5","v1.2.8p6","v1.2.8p7","v1.2.8p8","v1.2.8p9"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-14955.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}