Stored XSS vulnerability in Checkmk before versions 2.3.0p8, 2.2.0p29, 2.1.0p45, and 2.0.0 (EOL)
CVE-2024-6052

5.4MEDIUM

Key Information:

Vendor
Checkmk Gmbh
Status
Checkmk
Vendor
CVE Published:
3 July 2024

Summary

Stored XSS in Checkmk before versions 2.3.0p10, 2.2.0p29, 2.1.0p45, and 2.0.0 (EOL) allows users to execute arbitrary scripts by injecting HTML elements

Affected Version(s)

Checkmk 2.3.0 < 2.3.0p10

Checkmk 2.2.0 < 2.2.0p29

Checkmk 2.1.0 < 2.1.0p45

References

https://checkmk.com/werk/17010

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.