Remote Site Secrets Exposed in Checkmk Log Files
CVE-2024-47094

5.7MEDIUM

Key Information:

Status
Vendor
CVE Published:
29 November 2024

What is CVE-2024-47094?

Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p22, <2.2.0p37, <2.1.0p50 (EOL) causes remote site secrets to be written to web log files accessible to local site users.

Affected Version(s)

Checkmk 2.3.0 < 2.3.0p22

Checkmk 2.2.0 < 2.2.0p37

Checkmk 2.1.0 < 2.1.0p50

References

CVSS V4

Score:
5.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.