Lucene search

[email protected]CVE-2024-38857

HistoryJul 02, 2024 - 8:15 a.m.

CVE-2024-38857

2024-07-0208:15:06

CWE-79

[email protected]

web.nvd.nist.gov

improper neutralization checkmk phishing attacks

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

4.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

Improper neutralization of input in Checkmk before versions 2.3.0p8, 2.2.0p28, 2.1.0p45, and 2.0.0 (EOL) allows attackers to craft malicious links that can facilitate phishing attacks.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Checkmk",
    "vendor": "Checkmk GmbH",
    "versions": [
      {
        "lessThan": "2.3.0p8",
        "status": "affected",
        "version": "2.3.0",
        "versionType": "semver"
      },
      {
        "lessThan": "2.2.0p28",
        "status": "affected",
        "version": "2.2.0",
        "versionType": "semver"
      },
      {
        "lessThan": "2.1.0p45",
        "status": "affected",
        "version": "2.1.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "2.0.0p39",
        "status": "affected",
        "version": "2.0.0",
        "versionType": "semver"
      }
    ]
  }
]

References

checkmk.com/werk/17059

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

4.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

Related for CVE-2024-38857

nvd1 vulnrichment1 cvelist1 ubuntucve1