Exposure of CSRF tokens in query parameters on specific requests in Checkmk GmbH's Checkmk versions <2.3.0p18, <2.2.0p35 and <2.1.0p48 could lead to a leak of the token to facilitate targeted phishing attacks.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://checkmk.com/werk/17096 |
History
Tue, 03 Dec 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Checkmk
Checkmk checkmk |
|
Weaknesses | NVD-CWE-Other | |
CPEs | cpe:2.3:a:checkmk:checkmk:2.1.0:-:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.1.0:b1:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.1.0:b2:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.1.0:b3:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.1.0:b4:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.1.0:b5:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.1.0:b6:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.1.0:b7:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.1.0:b8:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.1.0:b9:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.1.0:p10:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.1.0:p11:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.1.0:p12:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.1.0:p13:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.1.0:p14:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.1.0:p15:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.1.0:p16:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.1.0:p17:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.1.0:p18:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.1.0:p19:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.1.0:p1:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.1.0:p20:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.1.0:p21:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.1.0:p22:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.1.0:p23:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.1.0:p24:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.1.0:p25:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.1.0:p26:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.1.0:p27:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.1.0:p28:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.1.0:p29:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.1.0:p2:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.1.0:p30:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.1.0:p31:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.1.0:p32:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.1.0:p33:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.1.0:p34:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.1.0:p35:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.1.0:p36:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.1.0:p37:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.1.0:p38:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.1.0:p39:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.1.0:p3:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.1.0:p40:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.1.0:p41:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.1.0:p42:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.1.0:p43:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.1.0:p44:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.1.0:p45:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.1.0:p46:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.1.0:p47:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.1.0:p4:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.1.0:p5:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.1.0:p6:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.1.0:p7:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.1.0:p8:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.1.0:p9:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.2.0:-:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.2.0:b1:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.2.0:b2:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.2.0:b3:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.2.0:b4:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.2.0:b5:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.2.0:b6:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.2.0:b7:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.2.0:b8:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.2.0:i1:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.2.0:p10:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.2.0:p11:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.2.0:p12:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.2.0:p13:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.2.0:p14:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.2.0:p15:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.2.0:p16:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.2.0:p17:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.2.0:p18:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.2.0:p19:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.2.0:p1:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.2.0:p20:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.2.0:p21:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.2.0:p22:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.2.0:p23:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.2.0:p24:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.2.0:p25:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.2.0:p26:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.2.0:p27:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.2.0:p28:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.2.0:p29:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.2.0:p2:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.2.0:p30:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.2.0:p31:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.2.0:p32:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.2.0:p33:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.2.0:p34:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.2.0:p3:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.2.0:p4:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.2.0:p5:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.2.0:p6:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.2.0:p7:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.2.0:p8:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.2.0:p9:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.3.0:-:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.3.0:b1:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.3.0:b2:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.3.0:b3:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.3.0:b4:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.3.0:b5:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.3.0:b6:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.3.0:p10:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.3.0:p11:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.3.0:p12:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.3.0:p13:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.3.0:p14:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.3.0:p15:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.3.0:p16:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.3.0:p17:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.3.0:p1:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.3.0:p2:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.3.0:p3:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.3.0:p4:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.3.0:p5:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.3.0:p6:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.3.0:p7:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.3.0:p8:*:*:*:*:*:* cpe:2.3:a:checkmk:checkmk:2.3.0:p9:*:*:*:*:*:* |
|
Vendors & Products |
Checkmk
Checkmk checkmk |
|
Metrics |
cvssV3_1
|
Mon, 14 Oct 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Mon, 14 Oct 2024 07:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Exposure of CSRF tokens in query parameters on specific requests in Checkmk GmbH's Checkmk versions <2.3.0p18, <2.2.0p35 and <2.1.0p48 could lead to a leak of the token to facilitate targeted phishing attacks. | |
Title | CSRF token leaked in URL parameters | |
Weaknesses | CWE-598 | |
References |
| |
Metrics |
cvssV4_0
|
MITRE
Status: PUBLISHED
Assigner: Checkmk
Published: 2024-10-14T07:19:07.625Z
Updated: 2024-10-14T15:34:11.188Z
Reserved: 2024-06-20T10:03:09.178Z
Link: CVE-2024-38863
Vulnrichment
Updated: 2024-10-14T15:34:07.530Z
NVD
Status : Analyzed
Published: 2024-10-14T08:15:02.823
Modified: 2024-12-03T16:47:15.693
Link: CVE-2024-38863
Redhat
No data.