This Werk fixes a Persistant Cross-Site-Scripting (XSS) vulnerability. (CWE-79)
The title of a Predefined condition is not properly escaped when shown
No mitigation is available.
Checkmk 1.6 and Checkmk 2.0 were subject to this vulnerability.
To detect if this vulnerability is/was used you can check
etc/check_mk/conf.d/wato/predefined_conditions.mk for HTML code.
Please be aware that an attacker could delete the code after a attack.
CVE is CVE-2022-24566.
CVSS: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N (6.3 medium)
We thank Manuel Sommer for finding this vulnerability and bringing this to our
To the list of all Werks