Candidate: CVE-2014-2330
PublicDate: 2015-08-31 18:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2330
 http://packetstormsecurity.com/files/125850/DTC-A-20140324-002.txt
 http://mathias-kettner.de/check_mk_werks.php?werk_id=0766
Description:
 Multiple cross-site request forgery (CSRF) vulnerabilities in the Multisite
 GUI in Check_MK before 1.2.5i2 allow remote attackers to hijack the
 authentication of users for requests that (1) upload arbitrary snapshots,
 (2) delete arbitrary files, or possibly have other unspecified impact via
 unknown vectors.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742689
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_check-mk:
upstream_check-mk: released (1.2.2p3-1)
precise_check-mk: ignored (reached end-of-life)
precise/esm_check-mk: DNE (precise was needed)
trusty_check-mk: not-affected (1.2.2p3-1)
trusty/esm_check-mk: DNE (trusty was not-affected [1.2.2p3-1])
vivid_check-mk: not-affected
vivid/stable-phone-overlay_check-mk: DNE
vivid/ubuntu-core_check-mk: DNE
wily_check-mk: not-affected
xenial_check-mk: not-affected
yakkety_check-mk: not-affected
zesty_check-mk: not-affected
devel_check-mk: not-affected