XSS in the view page with the SLA column configured in Checkmk versions prior to 2.3.0p14, 2.2.0p33, 2.1.0p47 and 2.0.0 (EOL) allowed malicious users to execute arbitrary scripts by injecting HTML elements into the SLA column title. These scripts could be executed when the view page was cloned by other users.
References
History

Tue, 03 Dec 2024 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Checkmk
Checkmk checkmk
Weaknesses CWE-79
CPEs cpe:2.3:a:checkmk:checkmk:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:-:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:b1:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:b2:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:b3:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:b4:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:b5:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:b6:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:b7:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:b8:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:b9:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p10:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p11:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p12:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p13:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p14:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p15:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p16:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p17:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p18:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p19:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p1:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p20:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p21:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p22:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p23:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p24:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p25:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p26:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p27:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p28:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p29:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p2:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p30:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p31:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p32:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p33:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p34:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p35:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p36:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p37:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p38:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p39:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p3:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p40:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p41:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p42:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p43:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p44:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p45:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p46:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p4:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p5:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p6:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p7:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p8:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p9:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:-:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:b1:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:b2:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:b3:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:b4:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:b5:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:b6:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:b7:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:b8:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:i1:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:p10:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:p11:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:p12:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:p13:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:p14:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:p15:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:p16:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:p17:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:p18:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:p19:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:p1:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:p20:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:p21:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:p22:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:p23:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:p24:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:p25:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:p26:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:p27:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:p28:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:p29:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:p2:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:p30:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:p31:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:p32:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:p3:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:p4:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:p5:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:p6:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:p7:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:p8:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:p9:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.3.0:-:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.3.0:b1:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.3.0:b2:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.3.0:b3:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.3.0:b4:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.3.0:b5:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.3.0:b6:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.3.0:p10:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.3.0:p11:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.3.0:p12:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.3.0:p13:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.3.0:p1:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.3.0:p2:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.3.0:p3:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.3.0:p4:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.3.0:p5:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.3.0:p6:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.3.0:p7:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.3.0:p8:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.3.0:p9:*:*:*:*:*:*
Vendors & Products Checkmk
Checkmk checkmk
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}


Mon, 26 Aug 2024 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 26 Aug 2024 14:30:00 +0000

Type Values Removed Values Added
Description XSS in the view page with the SLA column configured in Checkmk versions prior to 2.3.0p14, 2.2.0p33, 2.1.0p47 and 2.0.0 (EOL) allowed malicious users to execute arbitrary scripts by injecting HTML elements into the SLA column title. These scripts could be executed when the view page was cloned by other users.
Title XSS in view page with SLA column
Weaknesses CWE-80
References
Metrics cvssV4_0

{'score': 4.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Checkmk

Published: 2024-08-26T14:15:32.555Z

Updated: 2024-08-26T15:22:30.830Z

Reserved: 2024-06-20T10:03:09.178Z

Link: CVE-2024-38859

cve-icon Vulnrichment

Updated: 2024-08-26T15:22:27.059Z

cve-icon NVD

Status : Analyzed

Published: 2024-08-26T15:15:08.183

Modified: 2024-12-03T17:47:02.467

Link: CVE-2024-38859

cve-icon Redhat

No data.