Lucene search

[email protected]NVD:CVE-2024-38858

HistorySep 02, 2024 - 12:15 p.m.

CVE-2024-38858

2024-09-0212:15:19

CWE-79

[email protected]

web.nvd.nist.gov

checkmk

input neutralization

injection

malicious scripts

robotmk logs view

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

17.7%

JSON

Improper neutralization of input in Checkmk before version 2.3.0p14 allows attackers to inject and run malicious scripts in the Robotmk logs view.

Affected configurations

Nvd

Node

checkmkcheckmkRange<2.3.0

checkmkcheckmkMatch2.3.0-

checkmkcheckmkMatch2.3.0p1

checkmkcheckmkMatch2.3.0p10

checkmkcheckmkMatch2.3.0p11

checkmkcheckmkMatch2.3.0p12

checkmkcheckmkMatch2.3.0p13

checkmkcheckmkMatch2.3.0p2

checkmkcheckmkMatch2.3.0p3

checkmkcheckmkMatch2.3.0p4

checkmkcheckmkMatch2.3.0p5

checkmkcheckmkMatch2.3.0p6

checkmkcheckmkMatch2.3.0p7

checkmkcheckmkMatch2.3.0p8

checkmkcheckmkMatch2.3.0p9

VendorProductVersionCPE
checkmkcheckmk*cpe:2.3:a:checkmk:checkmk:*:*:*:*:*:*:*:*
checkmkcheckmk2.3.0cpe:2.3:a:checkmk:checkmk:2.3.0:-:*:*:*:*:*:*
checkmkcheckmk2.3.0cpe:2.3:a:checkmk:checkmk:2.3.0:p1:*:*:*:*:*:*
checkmkcheckmk2.3.0cpe:2.3:a:checkmk:checkmk:2.3.0:p10:*:*:*:*:*:*
checkmkcheckmk2.3.0cpe:2.3:a:checkmk:checkmk:2.3.0:p11:*:*:*:*:*:*
checkmkcheckmk2.3.0cpe:2.3:a:checkmk:checkmk:2.3.0:p12:*:*:*:*:*:*
checkmkcheckmk2.3.0cpe:2.3:a:checkmk:checkmk:2.3.0:p13:*:*:*:*:*:*
checkmkcheckmk2.3.0cpe:2.3:a:checkmk:checkmk:2.3.0:p2:*:*:*:*:*:*
checkmkcheckmk2.3.0cpe:2.3:a:checkmk:checkmk:2.3.0:p3:*:*:*:*:*:*
checkmkcheckmk2.3.0cpe:2.3:a:checkmk:checkmk:2.3.0:p4:*:*:*:*:*:*

Vendor	Product	Version	CPE
checkmk	checkmk	*	cpe:2.3:a:checkmk:checkmk::::::::
checkmk	checkmk	2.3.0	cpe:2.3:a:checkmk:checkmk:2.3.0:-::::::
checkmk	checkmk	2.3.0	cpe:2.3:a:checkmk:checkmk:2.3.0:p1::::::
checkmk	checkmk	2.3.0	cpe:2.3:a:checkmk:checkmk:2.3.0:p10::::::
checkmk	checkmk	2.3.0	cpe:2.3:a:checkmk:checkmk:2.3.0:p11::::::
checkmk	checkmk	2.3.0	cpe:2.3:a:checkmk:checkmk:2.3.0:p12::::::
checkmk	checkmk	2.3.0	cpe:2.3:a:checkmk:checkmk:2.3.0:p13::::::
checkmk	checkmk	2.3.0	cpe:2.3:a:checkmk:checkmk:2.3.0:p2::::::
checkmk	checkmk	2.3.0	cpe:2.3:a:checkmk:checkmk:2.3.0:p3::::::
checkmk	checkmk	2.3.0	cpe:2.3:a:checkmk:checkmk:2.3.0:p4::::::

Rows per page:

1-10 of 151

References

checkmk.com/werk/17232

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

17.7%

JSON

Related for NVD:CVE-2024-38858

vulnrichment1 cvelist1 cve1