CVE-2022-24564

Опубликовано: 21 фев. 2022

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Checkmk <=2.0.0p19 contains a Cross Site Scripting (XSS) vulnerability. While creating or editing a user attribute, the Help Text is subject to HTML injection, which can be triggered for editing a user.

Ссылки

https://checkmk.com/werk/13199
Patch
Vendor Advisory
https://checkmk.com/werk/13199
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:checkmk:checkmk:2.0.0:-:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:b1:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:b2:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:b3:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:b4:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:b5:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:b6:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:b7:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:b8:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:i1:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:p1:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:p10:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:p11:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:p12:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:p13:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:p14:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:p15:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:p16:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:p17:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:p18:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.0.0:p19:*:*:*:*:*:*

EPSS

Процентиль: 69%

0.00616

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2022-24564

CVSS3: 6.1

ubuntu

почти 4 года назад

CVE-2022-24564

CVSS3: 6.1

debian

почти 4 года назад

Checkmk <=2.0.0p19 contains a Cross Site Scripting (XSS) vulnerability ...

GHSA-3w73-4p4p-f992

CVSS3: 6.1

github

почти 4 года назад

EPSS

Процентиль: 69%

0.00616

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79