CVE-2024-28832

Опубликовано: 25 июн. 2024

Источник: nvd

CVSS3: 4.8

EPSS Низкий

Описание

Stored XSS in the Crash Report page in Checkmk before versions 2.3.0p7, 2.2.0p28, 2.1.0p45, and 2.0.0 (EOL) allows users with permission to change Global Settings to execute arbitrary scripts by injecting HTML elements into the Crash Report URL in the Global Settings.

Ссылки

https://checkmk.com/werk/17024
Vendor Advisory
https://checkmk.com/werk/17024
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:checkmk:checkmk:*:*:*:*:*:*:*:*

Версия до 2.0.0 (включая)

cpe:2.3:a:checkmk:checkmk:2.1.0:-:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:b1:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:b2:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:b3:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:b4:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:b5:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:b6:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:b7:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:b8:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:b9:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p1:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p10:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p11:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p12:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p13:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p14:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p15:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p16:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p17:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p18:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p19:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p2:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p20:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p21:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p22:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p23:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p24:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p25:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p26:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p27:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p28:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p29:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p3:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p30:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p31:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p32:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p33:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p34:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p35:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p36:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p37:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p38:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p39:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p4:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p40:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p41:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p42:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p43:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p44:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p5:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p6:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p7:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p8:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.1.0:p9:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:-:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:b1:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:b2:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:b3:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:b4:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:b5:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:b6:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:b7:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:b8:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:i1:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:p1:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:p10:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:p11:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:p12:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:p13:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:p14:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:p15:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:p16:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:p17:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:p18:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:p19:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:p2:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:p20:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:p21:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:p22:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:p23:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:p24:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:p25:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:p26:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:p27:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:p3:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:p4:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:p5:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:p6:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:p7:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:p8:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:p9:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.3.0:-:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.3.0:b1:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.3.0:b2:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.3.0:b3:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.3.0:b4:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.3.0:b5:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.3.0:b6:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.3.0:p1:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.3.0:p2:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.3.0:p3:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.3.0:p4:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.3.0:p5:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.3.0:p6:*:*:*:*:*:*

EPSS

Процентиль: 70%

0.00645

Низкий

4.8 Medium

CVSS3

Дефекты

CWE-80

CWE-79

Связанные уязвимости

CVE-2024-28832

CVSS3: 4.8

ubuntu

больше 1 года назад

CVE-2024-28832

CVSS3: 4.8

debian

больше 1 года назад

Stored XSS in the Crash Report page in Checkmk before versions 2.3.0p7 ...

GHSA-4wv7-jg5w-qpfh

CVSS3: 4.8

github

больше 1 года назад

EPSS

Процентиль: 70%

0.00645

Низкий

4.8 Medium

CVSS3

Дефекты

CWE-80

CWE-79