Download

Werk #17059: Escape user input on load failure of visuals

Komponente User interface
Titel Escape user input on load failure of visuals
Datum 26.06.2024
Level Kleine Änderung
Klasse Sicherheitsfix
Kompatibilität Kompatibel - benötigt kein manuelles Eingreifen
Checkmk versions & editions
2.4.0b1 Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)
2.3.0p8 Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)
2.2.0p28 Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)
2.1.0p45 Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)

An attacker could create phishing links that take Checkmk users to their Checkmk installation and lure them into a malicious link if a visual (view/dashboard/report) did not exist.

Affected Versions:

LI: 2.3.0 LI: 2.2.0 LI: 2.1.0 LI: 2.0.0 (EOL)

Vulnerability Management:

We have rated the issue with a CVSS Score of <4.3 (Medium)> with the following CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N and assigned CVE CVE-2024-38857.

Zur Liste aller Werks

Überzeugen Sie sich selbst

Testen Sie Checkmk jetzt.

Raw Edition herunterladen Kostenloses Open-Source-Monitoring
Play with Checkmk Checkmk ohne Installation ausprobieren