Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2024-38859

Опубликовано: 26 авг. 2024
Источник: nvd
CVSS3: 6.1
EPSS Низкий

Описание

XSS in the view page with the SLA column configured in Checkmk versions prior to 2.3.0p14, 2.2.0p33, 2.1.0p47 and 2.0.0 (EOL) allowed malicious users to execute arbitrary scripts by injecting HTML elements into the SLA column title. These scripts could be executed when the view page was cloned by other users.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:checkmk:checkmk:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:-:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:b1:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:b2:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:b3:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:b4:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:b5:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:b6:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:b7:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:b8:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:b9:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p1:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p10:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p11:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p12:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p13:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p14:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p15:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p16:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p17:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p18:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p19:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p2:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p20:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p21:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p22:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p23:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p24:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p25:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p26:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p27:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p28:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p29:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p3:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p30:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p31:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p32:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p33:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p34:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p35:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p36:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p37:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p38:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p39:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p4:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p40:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p41:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p42:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p43:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p44:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p45:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p46:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p5:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p6:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p7:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p8:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.1.0:p9:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:-:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:b1:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:b2:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:b3:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:b4:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:b5:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:b6:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:b7:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:b8:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:i1:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:p1:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:p10:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:p11:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:p12:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:p13:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:p14:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:p15:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:p16:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:p17:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:p18:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:p19:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:p2:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:p20:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:p21:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:p22:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:p23:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:p24:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:p25:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:p26:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:p27:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:p28:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:p29:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:p3:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:p30:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:p31:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:p32:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:p4:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:p5:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:p6:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:p7:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:p8:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:p9:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.3.0:-:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.3.0:b1:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.3.0:b2:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.3.0:b3:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.3.0:b4:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.3.0:b5:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.3.0:b6:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.3.0:p1:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.3.0:p10:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.3.0:p11:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.3.0:p12:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.3.0:p13:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.3.0:p2:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.3.0:p3:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.3.0:p4:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.3.0:p5:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.3.0:p6:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.3.0:p7:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.3.0:p8:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.3.0:p9:*:*:*:*:*:*

EPSS

Процентиль: 80%
0.01386
Низкий

6.1 Medium

CVSS3

Дефекты

CWE-80
CWE-79

Связанные уязвимости

ubuntu логотип

CVE-2024-38859

CVSS3: 6.1
ubuntu
больше 1 года назад

XSS in the view page with the SLA column configured in Checkmk versions prior to 2.3.0p14, 2.2.0p33, 2.1.0p47 and 2.0.0 (EOL) allowed malicious users to execute arbitrary scripts by injecting HTML elements into the SLA column title. These scripts could be executed when the view page was cloned by other users.

debian логотип

CVE-2024-38859

CVSS3: 6.1
debian
больше 1 года назад

XSS in the view page with the SLA column configured in Checkmk version ...

github логотип

GHSA-5554-3cr8-7rwc

CVSS3: 6.1
github
больше 1 года назад

XSS in the view page with the SLA column configured in Checkmk versions prior to 2.3.0p14, 2.2.0p33, 2.1.0p47 and 2.0.0 (EOL) allowed malicious users to execute arbitrary scripts by injecting HTML elements into the SLA column title. These scripts could be executed when the view page was cloned by other users.

EPSS

Процентиль: 80%
0.01386
Низкий

6.1 Medium

CVSS3

Дефекты

CWE-80
CWE-79