Checkmk: Remote Code Execution by Chaining Multiple Bugs (2/3)

The Checkmk NagVis integration has a vulnerability that allows an unauthenticated attacker to bypass authentication and gain access to the NagVis component. This is achieved by leveraging the ability to delete arbitrary files, which results in an empty secret value if executed in a specific order. The vulnerability is due to the different implementations of file deletion operations between Checkmk GUI and Nagvis, making it possible for an attacker to exploit this technique despite the Checkmk GUI's defense-in-depth approach.