Werk #16618: Fix XSS in graph rendering

Component Setup
Title Fix XSS in graph rendering
Date Apr 4, 2024
Level Trivial Change
Class Security Fix
Compatibility Compatible - no manual interaction needed
Checkmk versions & editions
2.4.0b1 Checkmk Community, Checkmk Pro, Checkmk Ultimate, Checkmk Ultimate MT
2.3.0b4 Checkmk Community, Checkmk Pro, Checkmk Ultimate, Checkmk Ultimate MT

Prior to this Werk, a service name containing HTML tags led to cross-site scripting (XSS) in the graph rendering.

We found this vulnerability internally.

Affected Versions:

Only 2.3.0 is affected; older versions are NOT affected.

Vulnerability Management:

We have rated the issue with a CVSS Score of 4.6 (Medium) with the following CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N. We assigned CVE-2024-2380 to this vulnerability.

Changes:

This Werk changes the encoding engine to use our customized JSON encoder.
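
The kind of change described above, as an added example that is not Checkmk's code (the page does not show its encoder): a JSON encoder that escapes HTML metacharacters, compared with the default encoder. It assumes the graph data is embedded as JSON inside an inline `<script>` element; `HTMLSafeJSONEncoder`, `render_graph_script` and the `render_graph()` call are hypothetical names, and the service name is a constructed sample.

```python
import json

# Characters that let JSON text escape an HTML <script> element or attribute.
_HTML_UNSAFE = {"<": "\\u003c", ">": "\\u003e", "&": "\\u0026", "'": "\\u0027",
                "\u2028": "\\u2028", "\u2029": "\\u2029"}


def _escape_html_chars(json_text: str) -> str:
    # These characters can only occur inside JSON strings, so swapping them for
    # \uXXXX escapes keeps the document valid and decodes to the same value.
    for char, escaped in _HTML_UNSAFE.items():
        json_text = json_text.replace(char, escaped)
    return json_text


class HTMLSafeJSONEncoder(json.JSONEncoder):
    """Hypothetical encoder (not Checkmk's): no raw HTML metacharacters in output."""

    def encode(self, o):  # used by json.dumps()
        return _escape_html_chars(super().encode(o))

    def iterencode(self, o, _one_shot=False):  # used by json.dump()
        for chunk in super().iterencode(o, _one_shot=_one_shot):
            yield _escape_html_chars(chunk)


def render_graph_script(graph_spec, encoder_cls=json.JSONEncoder):
    # Assumed embedding: graph data passed as JSON to a hypothetical
    # render_graph() call inside an inline <script> element.
    payload = json.dumps(graph_spec, cls=encoder_cls)
    return f"<script>render_graph({payload});</script>"


# Constructed sample: a service name containing HTML tags.
SAMPLE_SPEC = {"service": "CPU load</script><b>injected</b>", "metrics": ["load1"]}

if __name__ == "__main__":
    print(render_graph_script(SAMPLE_SPEC))                       # tags reach the page
    print(render_graph_script(SAMPLE_SPEC, HTMLSafeJSONEncoder))  # tags are escaped
```

With the default encoder the service name closes the `<script>` element early; with the escaping encoder the same value still decodes to the original string but contains no raw `<` or `>`.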
