1-Click Compromise of Site Through Cross-Site Request Forgery Vulnerability
CVE-2024-28828

8.8HIGH

Key Information:

Vendor: Checkmk Gmbh
Status: Checkmk
Vendor: CVE Published:; 10 July 2024

Summary

A Cross-Site Request Forgery (CSRF) vulnerability exists in Checkmk versions below 2.3.0p8, 2.2.0p29, 2.1.0p45, and the end-of-life version 2.0.0p39. This vulnerability allows an attacker to perform unauthorized actions on behalf of a user without their consent, potentially leading to a compromise of the affected site with a single click. Users and administrators using vulnerable versions may face significant security risks, necessitating an immediate update to the latest version to mitigate this risk.

Affected Version(s)

Checkmk 2.3.0 < 2.3.0p8

Checkmk 2.2.0 < 2.2.0p29

Checkmk 2.1.0 < 2.1.0p45

References

https://checkmk.com/werk/17090

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 10, 2024
Vulnerability Reserved
Mar 11, 2024

Credit

PS Positive Security GmbH