XSS in the view page with the SLA column configured in Checkmk versions prior to 2.3.0p14, 2.2.0p33, 2.1.0p47 and 2.0.0 (EOL) allowed malicious users to execute arbitrary scripts by injecting HTML elements into the SLA column title. These scripts could be executed when the view page was cloned by other users.
References
Link | Providers |
---|---|
https://checkmk.com/werk/17026 |
History
Tue, 03 Dec 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Checkmk, Checkmk checkmk | |
Weaknesses | CWE-79 | |
Vendors & Products | Checkmk, Checkmk checkmk | |
Metrics | cvssV3_1 |
Mon, 26 Aug 2024 16:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | ssvc |
Mon, 26 Aug 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | XSS in the view page with the SLA column configured in Checkmk versions prior to 2.3.0p14, 2.2.0p33, 2.1.0p47 and 2.0.0 (EOL) allowed malicious users to execute arbitrary scripts by injecting HTML elements into the SLA column title. These scripts could be executed when the view page was cloned by other users. | |
Title | XSS in view page with SLA column | |
Weaknesses | CWE-80 | |
References | | |
Metrics | cvssV4_0 |
MITRE
Status: PUBLISHED
Assigner: Checkmk
Published: 2024-08-26T14:15:32.555Z
Updated: 2024-08-26T15:22:30.830Z
Reserved: 2024-06-20T10:03:09.178Z
Link: CVE-2024-38859
Vulnrichment
Updated: 2024-08-26T15:22:27.059Z
NVD
Status: Analyzed
Published: 2024-08-26T15:15:08.183
Modified: 2024-12-03T17:47:02.467
Link: CVE-2024-38859
Redhat
No data.