Remote Site Secrets Exposed in Checkmk Log Files
CVE-2024-47094

5.5MEDIUM

Key Information:

Vendor: Checkmk Gmbh
Status: Checkmk
Vendor: CVE Published:; 29 November 2024

Summary

Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p22, <2.2.0p37, <2.1.0p50 (EOL) causes remote site secrets to be written to web log files accessible to local site users.

Affected Version(s)

Checkmk 2.3.0 < 2.3.0p22

Checkmk 2.2.0 < 2.2.0p37

Checkmk 2.1.0 < 2.1.0p50

References

https://checkmk.com/werk/17342

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 29, 2024
Vulnerability Reserved
Sep 18, 2024