Lucene search

Ubuntu.comUB:CVE-2024-28828

HistoryJul 10, 2024 - 12:00 a.m.

CVE-2024-28828

2024-07-1000:00:00

ubuntu.com

cve-2024-28828

checkmk

cross-site request forgery

1-click compromize

unix

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

6.9

Confidence

Low

EPSS

0.001

Percentile

24.7%

JSON

Cross-Site request forgery in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45,
and <= 2.0.0p39 (EOL) could lead to 1-click compromize of the site.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchcheck-mk< anyUNKNOWN
ubuntu16.04noarchcheck-mk< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	check-mk	< any	UNKNOWN
ubuntu	16.04	noarch	check-mk	< any	UNKNOWN

References

checkmk.com/werk/17090

launchpad.net/bugs/cve/CVE-2024-28828

nvd.nist.gov/vuln/detail/CVE-2024-28828

security-tracker.debian.org/tracker/CVE-2024-28828

www.cve.org/CVERecord?id=CVE-2024-28828

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

6.9

Confidence

Low

EPSS

0.001

Percentile

24.7%

JSON

Related for UB:CVE-2024-28828