CheckmkVULNRICHMENT:CVE-2024-28830CVE-2024-28830 Automation user secrets written to audit log
2.7 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
6.8 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.1%
Insertion of Sensitive Information into Log File in Checkmk GmbH’s Checkmk versions <2.3.0p7, <2.2.0p28, <2.1.0p45 and <=2.0.0p39 (EOL) causes automation user secrets to be written to audit log files accessible to administrators.
CNA Affected
[
{
"vendor": "Checkmk GmbH",
"product": "Checkmk",
"versions": [
{
"status": "affected",
"version": "2.3.0",
"lessThan": "2.3.0p7",
"versionType": "semver"
},
{
"status": "affected",
"version": "2.2.0",
"lessThan": "2.2.0p28",
"versionType": "semver"
},
{
"status": "affected",
"version": "2.1.0",
"lessThan": "2.1.0p45",
"versionType": "semver"
},
{
"status": "affected",
"version": "2.0.0",
"versionType": "semver",
"lessThanOrEqual": "2.0.0p39"
}
],
"defaultStatus": "unaffected"
}
]References
Related
2.7 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
6.8 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.1%