Werk #17059: Escape user input on load failure of visuals
| Component | User interface |
| Title | Escape user input on load failure of visuals |
| Date | Jun 26, 2024 |
| Checkmk Edition | Checkmk Raw (CRE) |
| Checkmk Version | 2.1.0p45 2.2.0p28 2.3.0p8 2.4.0b1 |
| Level | Trivial Change |
| Class | Security Fix |
| Compatibility | Compatible - no manual interaction needed |
An attacker could create phishing links that take Checkmk users to their Checkmk installation and lure them into a malicious link if a visual (view/dashboard/report) did not exist.
Affected Versions:
LI: 2.3.0 LI: 2.2.0 LI: 2.1.0 LI: 2.0.0 (EOL)
Vulnerability Management:
We have rated the issue with a CVSS Score of <4.3 (Medium)> with the following
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N and assigned CVE
CVE-2024-38857.