CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | SINGLE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | NONE |

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | REQUIRED |
Scope | CHANGED |
Confidentiality Impact | LOW |
Integrity Impact | LOW |
Availability Impact | NONE |

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS percentile: 29.4%

The CheckMK management web console (versions 1.5.0 to 2.0.0) does not
sanitise user input in various parameters of the WATO module. This allows
an attacker to open a backdoor on the device with HTML content that is
interpreted by the browser (such as JavaScript or other client-side
scripts); the XSS payload is triggered when the user accesses some
specific sections of the application. A particularly dangerous scenario
is one in which an attacker who has the monitor role (not administrator)
uses a stored XSS to steal the secretAutomation (used for the API in
administrator mode) and is thus able to create another administrator user
with high privileges on the CheckMK monitoring web console. Persistent XSS
also allows an attacker to modify the displayed content or change the
victim’s information. Successful exploitation requires access to the web
management interface, either with valid credentials or with a hijacked
session.

Author | Note |
---|---|
0xnishit | fix: https://github.com/tribe29/checkmk/commit/821f99e7ca3dcb41131df25023390a71ef31ad1b |