Lucene search
CheckmkCVE-2024-28830HistoryJun 26, 2024 - 8:15 a.m.
CVE-2024-28830
2024-06-2608:15:09
CWE-532
Checkmk
web.nvd.nist.gov
24
cve-2024-28830
checkmk
sensitive information
log file
automation user
audit log
administrators
CVSS3
2.7
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
AI Score
3.8
Confidence
High
EPSS
0
Percentile
9.1%
Insertion of Sensitive Information into Log File in Checkmk GmbH’s Checkmk versions <2.3.0p7, <2.2.0p28, <2.1.0p45 and <=2.0.0p39 (EOL) causes automation user secrets to be written to audit log files accessible to administrators.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Checkmk",
"vendor": "Checkmk GmbH",
"versions": [
{
"lessThan": "2.3.0p7",
"status": "affected",
"version": "2.3.0",
"versionType": "semver"
},
{
"lessThan": "2.2.0p28",
"status": "affected",
"version": "2.2.0",
"versionType": "semver"
},
{
"lessThan": "2.1.0p45",
"status": "affected",
"version": "2.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.0.0p39",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
}
]
}
]References
Related
osv
osv
CVE-2024-28830
2024-06-26 08:15:00
UBUNTU-CVE-2024-28830
2024-06-26 08:15:00
ubuntucve
ubuntucve
CVE-2024-28830
2024-06-26 00:00:00
vulnrichment
vulnrichment
CVE-2024-28830 Automation user secrets written to audit log
2024-06-26 07:56:57
nvd
nvd
CVE-2024-28830
2024-06-26 08:15:09
cvelist
cvelist
CVE-2024-28830 Automation user secrets written to audit log
2024-06-26 07:56:57
CVSS3
2.7
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
AI Score
3.8
Confidence
High
EPSS
0
Percentile
9.1%
Related for CVE-2024-28830