Automation User Secrets Exposed in Audit Log Files
CVE-2024-28830

2.7LOW

Key Information:

Vendor: Checkmk Gmbh
Status: Checkmk
Vendor: CVE Published:; 26 June 2024

Summary

Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p7, <2.2.0p28, <2.1.0p45 and <=2.0.0p39 (EOL) causes automation user secrets to be written to audit log files accessible to administrators.

Affected Version(s)

Checkmk 2.3.0 < 2.3.0p7

Checkmk 2.2.0 < 2.2.0p28

Checkmk 2.1.0 < 2.1.0p45

References

https://checkmk.com/werk/17056

CVSS V3.1

Score:

2.7

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 26, 2024
Vulnerability Reserved
Mar 11, 2024