{"id":"CVE-2023-31209","details":"Improper neutralization of active check command arguments in Checkmk \u003c 2.1.0p32, \u003c 2.0.0p38, \u003c 2.2.0p4 leads to arbitrary command execution for authenticated users.","modified":"2025-11-15T06:31:28.657713Z","published":"2023-08-10T09:15:12.123Z","references":[{"type":"ADVISORY","url":"https://checkmk.com/werk/15194"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/checkmk/checkmk","events":[{"introduced":"0"},{"fixed":"a08e390df0ae711bbee6fbdd0d32da1452918ae3"}]}],"versions":["1.1.0beta17","v1.1.0","v1.1.10","v1.1.10b1","v1.1.10b2","v1.1.11i1","v1.1.11i2","v1.1.11i3","v1.1.11i4","v1.1.12","v1.1.12b1","v1.1.12b2","v1.1.13i1","v1.1.13i2","v1.1.13i3","v1.1.2","v1.1.3","v1.1.3b1","v1.1.4","v1.1.5i0","v1.1.5i1","v1.1.5i2","v1.1.5i3","v1.1.6","v1.1.6b2","v1.1.6b3","v1.1.7i1","v1.1.7i2","v1.1.7i3","v1.1.7i4","v1.1.7i5","v1.1.8","v1.1.8b1","v1.1.8b2","v1.1.8b3","v1.1.9i1","v1.1.9i2","v1.1.9i3","v1.1.9i4","v1.1.9i5","v1.1.9i6","v1.1.9i7","v1.1.9i8","v1.1.9i9","v1.2.0b1","v1.2.0b2","v1.2.0b3","v1.2.0b4","v1.2.0b5","v1.2.0b6","v1.2.0p1","v1.2.0p2","v1.2.0p3","v1.2.1i1","v1.2.1i2","v1.2.1i3","v1.2.1i4","v1.2.1i5","v1.2.2b1","v1.2.3i1","v1.2.3i2","v1.2.3i3","v1.2.3i4","v1.2.3i5","v1.2.3i6","v1.2.3i7","v1.2.5i1","v1.2.5i2","v1.2.5i3","v1.2.5i4","v1.2.5i5","v1.2.5i6","v1.2.7i1","v1.2.7i2","v1.2.7i3","v1.4.0i1","v1.4.0i2","v1.4.0i3","v1.5.0i1","v1.5.0i2","v1.5.0i3","v1.6.0b1","v2.0.0b1","v2.0.0b2","v2.0.0b3","v2.0.0b4","v2.0.0b5","v2.0.0b6","v2.0.0b7","v2.0.0i1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-31209.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}