Lucene search

CheckmkCVELIST:CVE-2024-2380

HistoryApr 05, 2024 - 1:01 p.m.

CVE-2024-2380 XSS in graph rendering

2024-04-0513:01:08

CWE-80

Checkmk

www.cve.org

xss

graph rendering

checkmk

security vulnerability

CVSS3

4.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

AI Score

4.7

Confidence

High

EPSS

Percentile

9.0%

JSON

Stored XSS in graph rendering in Checkmk <2.3.0b4.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Checkmk",
    "vendor": "Checkmk GmbH",
    "versions": [
      {
        "lessThan": "2.3.0b4",
        "status": "affected",
        "version": "2.3.0",
        "versionType": "semver"
      }
    ]
  }
]

References

checkmk.com/werk/16618