Lucene search

CheckmkCVE-2024-38858

HistorySep 02, 2024 - 12:15 p.m.

CVE-2024-38858

2024-09-0212:15:19

CWE-79

Checkmk

web.nvd.nist.gov

improper neutralization checkmk injection robotmk logs

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS4

2.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

PASSIVE

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/SC:L/VI:N/SI:L/VA:N/SA:N

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

17.7%

JSON

Improper neutralization of input in Checkmk before version 2.3.0p14 allows attackers to inject and run malicious scripts in the Robotmk logs view.

Affected configurations

Nvd

Node

checkmkcheckmkRange<2.3.0

checkmkcheckmkMatch2.3.0-

checkmkcheckmkMatch2.3.0p1

checkmkcheckmkMatch2.3.0p10

checkmkcheckmkMatch2.3.0p11

checkmkcheckmkMatch2.3.0p12

checkmkcheckmkMatch2.3.0p13

checkmkcheckmkMatch2.3.0p2

checkmkcheckmkMatch2.3.0p3

checkmkcheckmkMatch2.3.0p4

checkmkcheckmkMatch2.3.0p5

checkmkcheckmkMatch2.3.0p6

checkmkcheckmkMatch2.3.0p7

checkmkcheckmkMatch2.3.0p8

checkmkcheckmkMatch2.3.0p9

VendorProductVersionCPE
checkmkcheckmk*cpe:2.3:a:checkmk:checkmk:*:*:*:*:*:*:*:*
checkmkcheckmk2.3.0cpe:2.3:a:checkmk:checkmk:2.3.0:-:*:*:*:*:*:*
checkmkcheckmk2.3.0cpe:2.3:a:checkmk:checkmk:2.3.0:p1:*:*:*:*:*:*
checkmkcheckmk2.3.0cpe:2.3:a:checkmk:checkmk:2.3.0:p10:*:*:*:*:*:*
checkmkcheckmk2.3.0cpe:2.3:a:checkmk:checkmk:2.3.0:p11:*:*:*:*:*:*
checkmkcheckmk2.3.0cpe:2.3:a:checkmk:checkmk:2.3.0:p12:*:*:*:*:*:*
checkmkcheckmk2.3.0cpe:2.3:a:checkmk:checkmk:2.3.0:p13:*:*:*:*:*:*
checkmkcheckmk2.3.0cpe:2.3:a:checkmk:checkmk:2.3.0:p2:*:*:*:*:*:*
checkmkcheckmk2.3.0cpe:2.3:a:checkmk:checkmk:2.3.0:p3:*:*:*:*:*:*
checkmkcheckmk2.3.0cpe:2.3:a:checkmk:checkmk:2.3.0:p4:*:*:*:*:*:*

Vendor	Product	Version	CPE
checkmk	checkmk	*	cpe:2.3:a:checkmk:checkmk::::::::
checkmk	checkmk	2.3.0	cpe:2.3:a:checkmk:checkmk:2.3.0:-::::::
checkmk	checkmk	2.3.0	cpe:2.3:a:checkmk:checkmk:2.3.0:p1::::::
checkmk	checkmk	2.3.0	cpe:2.3:a:checkmk:checkmk:2.3.0:p10::::::
checkmk	checkmk	2.3.0	cpe:2.3:a:checkmk:checkmk:2.3.0:p11::::::
checkmk	checkmk	2.3.0	cpe:2.3:a:checkmk:checkmk:2.3.0:p12::::::
checkmk	checkmk	2.3.0	cpe:2.3:a:checkmk:checkmk:2.3.0:p13::::::
checkmk	checkmk	2.3.0	cpe:2.3:a:checkmk:checkmk:2.3.0:p2::::::
checkmk	checkmk	2.3.0	cpe:2.3:a:checkmk:checkmk:2.3.0:p3::::::
checkmk	checkmk	2.3.0	cpe:2.3:a:checkmk:checkmk:2.3.0:p4::::::

Rows per page:

1-10 of 151

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Checkmk",
    "vendor": "Checkmk GmbH",
    "versions": [
      {
        "lessThan": "2.3.0p14",
        "status": "affected",
        "version": "2.3.0",
        "versionType": "semver"
      }
    ]
  }
]

References

checkmk.com/werk/17232

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS4

2.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

PASSIVE

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/SC:L/VI:N/SI:L/VA:N/SA:N

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

17.7%

JSON

Related for CVE-2024-38858