Checkmk Versions Vulnerable to CSRF Tokens Leak
CVE-2024-38863

7.5HIGH

Key Information:

Vendor: Checkmk GmbH
Status: Checkmk
Vendor: CVE Published:; 14 October 2024

🔔 Create Checkmk GmbH Vulnerability Alert

What is CVE-2024-38863?

The vulnerability presents a serious security risk where Cross-Site Request Forgery (CSRF) tokens are exposed in query parameters across specific requests in several versions of Checkmk. This exposure allows attackers to leverage compromised tokens to orchestrate targeted phishing attacks, potentially gaining unauthorized access to sensitive information or manipulating user sessions. The affected versions are Checkmk <2.3.0p18, <2.2.0p35, and <2.1.0p48, requiring urgent attention from users to mitigate risks associated with this vulnerability.

References

https://checkmk.com/werk/17096

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 14, 2024