CVE-2024-38859 (GCVE-0-2024-38859)
Vulnerability from cvelistv5 – Published: 2024-08-26 14:15 – Updated: 2024-08-26 15:22
VLAI
Title
XSS in view page with SLA column
Summary
XSS in the view page with the SLA column configured in Checkmk versions prior to 2.3.0p14, 2.2.0p33, 2.1.0p47 and 2.0.0 (EOL) allowed malicious users to execute arbitrary scripts by injecting HTML elements into the SLA column title. These scripts could be executed when the view page was cloned by other users.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://checkmk.com/werk/17026 |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Checkmk GmbH | Checkmk |
Affected:
2.3.0 , < 2.3.0p14
(semver)
Affected: 2.2.0 , < 2.2.0p33 (semver) Affected: 2.1.0 , < 2.1.0p47 (semver) Affected: 2.0.0 , ≤ 2.0.0p39 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38859",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-26T15:22:20.463340Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-26T15:22:30.830Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Checkmk",
"vendor": "Checkmk GmbH",
"versions": [
{
"lessThan": "2.3.0p14",
"status": "affected",
"version": "2.3.0",
"versionType": "semver"
},
{
"lessThan": "2.2.0p33",
"status": "affected",
"version": "2.2.0",
"versionType": "semver"
},
{
"lessThan": "2.1.0p47",
"status": "affected",
"version": "2.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.0.0p39",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XSS in the view page with the SLA column configured in Checkmk versions prior to 2.3.0p14, 2.2.0p33, 2.1.0p47 and 2.0.0 (EOL) allowed malicious users to execute arbitrary scripts by injecting HTML elements into the SLA column title. These scripts could be executed when the view page was cloned by other users."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592: Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-26T14:15:32.555Z",
"orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"shortName": "Checkmk"
},
"references": [
{
"url": "https://checkmk.com/werk/17026"
}
],
"title": "XSS in view page with SLA column"
}
},
"cveMetadata": {
"assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"assignerShortName": "Checkmk",
"cveId": "CVE-2024-38859",
"datePublished": "2024-08-26T14:15:32.555Z",
"dateReserved": "2024-06-20T10:03:09.178Z",
"dateUpdated": "2024-08-26T15:22:30.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-38859",
"date": "2026-06-30",
"epss": "0.00419",
"percentile": "0.33589"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-38859\",\"sourceIdentifier\":\"security@checkmk.com\",\"published\":\"2024-08-26T15:15:08.183\",\"lastModified\":\"2026-06-17T07:41:08.647\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"XSS in the view page with the SLA column configured in Checkmk versions prior to 2.3.0p14, 2.2.0p33, 2.1.0p47 and 2.0.0 (EOL) allowed malicious users to execute arbitrary scripts by injecting HTML elements into the SLA column title. These scripts could be executed when the view page was cloned by other users.\"},{\"lang\":\"es\",\"value\":\"XSS en la p\u00e1gina de visualizaci\u00f3n con la columna SLA configurada en versiones de Checkmk anteriores a 2.3.0p14, 2.2.0p33, 2.1.0p47 y 2.0.0 (EOL) permit\u00eda a usuarios malintencionados ejecutar scripts arbitrarios inyectando elementos HTML en el t\u00edtulo de la columna SLA. Estos scripts podr\u00edan ejecutarse cuando otros usuarios clonaran la p\u00e1gina de visualizaci\u00f3n.\"}],\"affected\":[{\"source\":\"security@checkmk.com\",\"affectedData\":[{\"vendor\":\"Checkmk GmbH\",\"product\":\"Checkmk\",\"defaultStatus\":\"unaffected\",\"versions\":[{\"version\":\"2.3.0\",\"lessThan\":\"2.3.0p14\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"2.2.0\",\"lessThan\":\"2.2.0p33\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"2.1.0\",\"lessThan\":\"2.1.0p47\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"2.0.0\",\"lessThanOrEqual\":\"2.0.0p39\",\"versionType\":\"semver\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security@checkmk.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":4.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"ACTIVE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"LOW\",\"subIntegrityImpact\":\"LOW\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2024-08-26T15:22:20.463340Z\",\"id\":\"CVE-2024-38859\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"security@checkmk.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-80\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FFBDA1FD-7112-4309-AFDC-57DFF865365A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.1.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"1AE224D8-742B-4D1F-ABBE-3DDA3EA5C5AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.1.0:b1:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E6FCE7B-7ECE-42A4-82C5-12A647B0CCC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.1.0:b2:*:*:*:*:*:*\",\"matchCriteriaId\":\"923AA113-D5E7-4F78-88BA-B72EF250F3EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.1.0:b3:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1984F57-A313-48AC-B8F9-F352D82824D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.1.0:b4:*:*:*:*:*:*\",\"matchCriteriaId\":\"A38DB527-72A6-40B8-B46F-B8E78BFFDB1F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.1.0:b5:*:*:*:*:*:*\",\"matchCriteriaId\":\"67643E11-91A1-4580-BC4C-574074C862CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.1.0:b6:*:*:*:*:*:*\",\"matchCriteriaId\":\"350B7E0F-D234-4D7C-91E4-F35E73579A24\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.1.0:b7:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE58ACA9-8078-46A7-8487-C06E4E38F372\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.1.0:b8:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3D8CF4D-E1F8-4D8D-A8A9-1783CAC869E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.1.0:b9:*:*:*:*:*:*\",\"matchCriteriaId\":\"58B0B051-7D3C-4EC7-96B0-38A1CC108D61\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.1.0:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"B783A741-AAF2-43EE-8272-9239133A01E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.1.0:p10:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5F275A3-A99E-40E1-BD77-694FA568541F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.1.0:p11:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A44BF1A-5BE0-4412-B51D-055445758B61\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.1.0:p12:*:*:*:*:*:*\",\"matchCriteriaId\":\"A31BAE94-9096-4320-AC19-AA204E8EC08D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.1.0:p13:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B0784EA-98E8-4490-B97B-894F188A223D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.1.0:p14:*:*:*:*:*:*\",\"matchCriteriaId\":\"A56A901F-1040-4DB9-9BE3-FE1999C514CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.1.0:p15:*:*:*:*:*:*\",\"matchCriteriaId\":\"58A904FC-C015-469D-8502-E678D5FDBD06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.1.0:p16:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B5D109C-60AA-4FA4-9B10-2191AAF109F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.1.0:p17:*:*:*:*:*:*\",\"matchCriteriaId\":\"37297866-24BB-4044-8744-EC0A8C29F152\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.1.0:p18:*:*:*:*:*:*\",\"matchCriteriaId\":\"F9D4A171-CCB3-43B8-8B70-78610423E7C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.1.0:p19:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E1145FF-426D-407C-9F4B-EF773BD191EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.1.0:p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DA8F776-A724-48FC-B7EF-13788BC69753\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.1.0:p20:*:*:*:*:*:*\",\"matchCriteriaId\":\"46F42A22-99F2-4DF5-9B00-3123396F87AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.1.0:p21:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C59D4D3-D526-4E6B-B3AA-FE485D030190\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.1.0:p22:*:*:*:*:*:*\",\"matchCriteriaId\":\"65E5CAE6-DC8B-47B3-84A0-D79B0C33EB45\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.1.0:p23:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B9E0D89-79E2-476A-8A3E-8443316BC310\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.1.0:p24:*:*:*:*:*:*\",\"matchCriteriaId\":\"38EA0591-C30B-4102-8A06-1B922FD3A0C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.1.0:p25:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E9AF0D3-8DD6-4EC7-BB33-54401D4025FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.1.0:p26:*:*:*:*:*:*\",\"matchCriteriaId\":\"983604CC-DD2C-42A9-8B9D-A9A261CE8BA6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.1.0:p27:*:*:*:*:*:*\",\"matchCriteriaId\":\"224960F7-695C-415B-B991-E8C01859AA80\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.1.0:p28:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F6D86E4-738B-4ADA-858E-C12CCED9FAAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.1.0:p29:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD8EBF09-9B70-4972-85B1-82F41488BE3F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.1.0:p3:*:*:*:*:*:*\",\"matchCriteriaId\":\"076463AA-195F-4CD6-861B-72FE1C8A407F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.1.0:p30:*:*:*:*:*:*\",\"matchCriteriaId\":\"009D2C7B-39B8-400F-80A5-06D56319232C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.1.0:p31:*:*:*:*:*:*\",\"matchCriteriaId\":\"3D5AEB8D-772E-401F-975C-61BDD30B481E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.1.0:p32:*:*:*:*:*:*\",\"matchCriteriaId\":\"2ECAB6C5-518C-4CA4-8B2B-D51115612A8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.1.0:p33:*:*:*:*:*:*\",\"matchCriteriaId\":\"FECC252C-02AA-41EC-BB84-5C1A6BC0FB8A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.1.0:p34:*:*:*:*:*:*\",\"matchCriteriaId\":\"238324F5-7225-40DD-82E8-52F30F0D3776\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.1.0:p35:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F3C9510-BD43-4F67-9C30-4F82B5D230E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.1.0:p36:*:*:*:*:*:*\",\"matchCriteriaId\":\"51941654-F6FF-4323-AECA-5D1D84308CD2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.1.0:p37:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E800133-1D28-41D1-8D73-9437D741F83B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.1.0:p38:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A34B28B-2BD9-4F28-9428-8CF7FCEAD7C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.1.0:p39:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3FC491E-DE27-4C8F-B699-DB5260935D51\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.1.0:p4:*:*:*:*:*:*\",\"matchCriteriaId\":\"63043834-98E5-47C2-91F1-41B98270ABCA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.1.0:p40:*:*:*:*:*:*\",\"matchCriteriaId\":\"0BE2C8FE-20CC-4B7E-B27B-54C873DC7530\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.1.0:p41:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C3C3714-C696-4456-88AA-B6E4EFC73C92\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.1.0:p42:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFF9D1C9-C340-4C31-A3EA-74EF85C6F34D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.1.0:p43:*:*:*:*:*:*\",\"matchCriteriaId\":\"A70FBA9D-F7DF-4961-9518-F7AE14FE174D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.1.0:p44:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB38424F-0955-4FE3-9C1D-69D21A08AA8D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.1.0:p45:*:*:*:*:*:*\",\"matchCriteriaId\":\"4EE19624-17FB-45DD-926D-1A745FF02CB0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.1.0:p46:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7E289B5-B6C6-4514-9CA1-5EBE155ECFE4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.1.0:p5:*:*:*:*:*:*\",\"matchCriteriaId\":\"FCF745D0-2EA6-4414-90BC-99D3ED08BB01\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.1.0:p6:*:*:*:*:*:*\",\"matchCriteriaId\":\"4823087F-D7FA-4594-8FD3-412DE5EA1F02\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.1.0:p7:*:*:*:*:*:*\",\"matchCriteriaId\":\"6429F9CE-D477-4CFF-B6E0-4BF11B61ED0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.1.0:p8:*:*:*:*:*:*\",\"matchCriteriaId\":\"A50C58F9-94ED-4D85-8331-2D81F8E0760A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.1.0:p9:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A6AC0BD-FB65-4FAA-B344-66F87F16F8B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"C66704F1-0B5E-4B43-8748-987022F378F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:b1:*:*:*:*:*:*\",\"matchCriteriaId\":\"B068974F-6F67-4CBB-B567-FCED86E28F22\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:b2:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA70F36A-EEF6-48DC-B15E-055D0DE8A052\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:b3:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2017F38-38DB-4E96-B34F-160BC731CBBE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:b4:*:*:*:*:*:*\",\"matchCriteriaId\":\"0949F399-371B-409C-AF9F-32690D881440\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:b5:*:*:*:*:*:*\",\"matchCriteriaId\":\"42E1E31A-B5CC-45F2-A2E5-3EEF735499BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:b6:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B364FCA-500C-458E-B997-82CD0B1D24F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:b7:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B32E657-917B-482B-B6A4-3D3746992A4F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:b8:*:*:*:*:*:*\",\"matchCriteriaId\":\"2119C732-E024-4DA6-8E47-9E08E5E12602\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:i1:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F0B99A8-A124-43BD-B8AA-EECC9112346F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"3FB7221E-BE9F-4529-8E07-8AD547FA3208\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:p10:*:*:*:*:*:*\",\"matchCriteriaId\":\"30A074AD-9499-46E3-AB67-D6CEE3AA01C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:p11:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8BD0240-A22B-4273-BD47-C35A8C12E127\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:p12:*:*:*:*:*:*\",\"matchCriteriaId\":\"DAA5680F-1DD0-48AA-BB7F-15B27365F0FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:p13:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC2F31CA-D4EB-44E6-9A09-5255D33F4A88\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:p14:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD80BD69-20C6-4E17-B165-98689179A5A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:p15:*:*:*:*:*:*\",\"matchCriteriaId\":\"B044D43B-0233-4A0D-A356-B9F9324E2777\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:p16:*:*:*:*:*:*\",\"matchCriteriaId\":\"7DE79896-EBE5-42F2-A126-2A871BBA1071\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:p17:*:*:*:*:*:*\",\"matchCriteriaId\":\"51A44E69-EEA1-4B01-B7B3-5BF7B39819E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:p18:*:*:*:*:*:*\",\"matchCriteriaId\":\"BCB65AEB-CF52-410B-92B1-2DCFB914FFA4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:p19:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7E17FA6-9011-489C-9FA9-368CA2D86FAE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BCEB6FF-668F-4313-9264-0BF021AFC45F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:p20:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8B27218-A4FF-47BE-B578-6DB704478921\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:p21:*:*:*:*:*:*\",\"matchCriteriaId\":\"8735357F-16A7-4408-9DDD-1C6796BADBE9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:p22:*:*:*:*:*:*\",\"matchCriteriaId\":\"4505098C-0A2B-481E-A3DF-D6DF8EFA4DE7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:p23:*:*:*:*:*:*\",\"matchCriteriaId\":\"C12AFCCF-014E-4EEB-8F04-F1ACE182BA98\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:p24:*:*:*:*:*:*\",\"matchCriteriaId\":\"66B85557-D5EC-4AF4-B97A-D2B80A58B3B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:p25:*:*:*:*:*:*\",\"matchCriteriaId\":\"233ECD21-FA72-43AF-8E4C-DAC27CC18F3C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:p26:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B4DB8EE-C10A-4097-8E66-2932BAEB732E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:p27:*:*:*:*:*:*\",\"matchCriteriaId\":\"8653402A-C5AA-4CB1-8742-A12CCBE59373\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:p28:*:*:*:*:*:*\",\"matchCriteriaId\":\"77047A82-E6D5-4E84-9BEC-ACD2FDA91FAE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:p29:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E44AE62-1746-410F-A28E-F8292E1F8D68\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:p3:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2342E2D-58B0-43E7-8C01-DF4678520F39\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:p30:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6C1AC39-5AE0-4FC8-93FF-966400B074F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:p31:*:*:*:*:*:*\",\"matchCriteriaId\":\"68455233-52CD-44B8-8B02-D94BA84DA6A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:p32:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C95A313-7665-4877-B421-0D20E3D3D54D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:p4:*:*:*:*:*:*\",\"matchCriteriaId\":\"1871B646-CA69-477F-B113-B901AC7B3934\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:p5:*:*:*:*:*:*\",\"matchCriteriaId\":\"EEC65A72-CAE1-4E28-83EF-7ECAFE921BB6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:p6:*:*:*:*:*:*\",\"matchCriteriaId\":\"D8FDECBC-8213-495F-A932-C4310F7C1F87\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:p7:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB49BC95-6AA8-4F53-A3D6-E199BF756AAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:p8:*:*:*:*:*:*\",\"matchCriteriaId\":\"050B6617-8FD4-47A6-BE4A-A52503A65812\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:p9:*:*:*:*:*:*\",\"matchCriteriaId\":\"4CA0FEC5-7036-47AF-A341-873B6C324B58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.3.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"83202950-840A-4CB7-AD96-CE62E84FABD8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.3.0:b1:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A020A77-7D84-4557-9B0B-D74A89BC1538\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.3.0:b2:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9770554-978B-4552-9E0E-CD6B6675243C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.3.0:b3:*:*:*:*:*:*\",\"matchCriteriaId\":\"1883D2F4-CB96-4DDE-87E8-D1990A3FA092\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.3.0:b4:*:*:*:*:*:*\",\"matchCriteriaId\":\"99AD6F39-AF67-4CB9-BED2-00CA75B9F5DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.3.0:b5:*:*:*:*:*:*\",\"matchCriteriaId\":\"F08FE580-67D4-419C-AE4A-3B9EBC6A2838\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.3.0:b6:*:*:*:*:*:*\",\"matchCriteriaId\":\"9DD5C67F-CD3E-400E-802D-8B52408A259F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.3.0:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"310A2FA2-633A-48FB-A5C2-9A9A922E72E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.3.0:p10:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C0F1DC8-D9DF-4A7A-80DC-618FAB091375\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.3.0:p11:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B0A1E3E-1B5A-4346-95BC-DE6FF6EE14CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.3.0:p12:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB52B2A7-BDC1-4A4F-ABAF-69C1BA8E83C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.3.0:p13:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F89225F-6969-4D89-B889-9CB09972825B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.3.0:p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"7D1993E3-C4F9-4D78-BD02-A0B22D93BF1F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.3.0:p3:*:*:*:*:*:*\",\"matchCriteriaId\":\"B28A0C9D-072A-413C-8587-CD57CB918190\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.3.0:p4:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF22D0A7-82B1-4598-B8C5-BDFE523D07F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.3.0:p5:*:*:*:*:*:*\",\"matchCriteriaId\":\"20035AFB-75B4-4164-9833-A2FCAE24B577\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.3.0:p6:*:*:*:*:*:*\",\"matchCriteriaId\":\"8BCBACEB-7130-455D-B4BE-243053C116DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.3.0:p7:*:*:*:*:*:*\",\"matchCriteriaId\":\"156384E2-E04B-4153-A91F-3F307C9FEAE8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.3.0:p8:*:*:*:*:*:*\",\"matchCriteriaId\":\"EEC0ED95-F43B-46D7-9AA0-A0FB1C32EF1D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.3.0:p9:*:*:*:*:*:*\",\"matchCriteriaId\":\"91C194C1-5292-4E2A-BB71-9C5CD3CE6194\"}]}]}],\"references\":[{\"url\":\"https://checkmk.com/werk/17026\",\"source\":\"security@checkmk.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-38859\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-08-26T15:22:20.463340Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-26T15:22:27.059Z\"}}], \"cna\": {\"title\": \"XSS in view page with SLA column\", \"impacts\": [{\"capecId\": \"CAPEC-592\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-592: Stored XSS\"}]}], \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 4.8, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N\"}}], \"affected\": [{\"vendor\": \"Checkmk GmbH\", \"product\": \"Checkmk\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.3.0\", \"lessThan\": \"2.3.0p14\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"2.2.0\", \"lessThan\": \"2.2.0p33\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"2.1.0\", \"lessThan\": \"2.1.0p47\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"2.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"2.0.0p39\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://checkmk.com/werk/17026\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"XSS in the view page with the SLA column configured in Checkmk versions prior to 2.3.0p14, 2.2.0p33, 2.1.0p47 and 2.0.0 (EOL) allowed malicious users to execute arbitrary scripts by injecting HTML elements into the SLA column title. These scripts could be executed when the view page was cloned by other users.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-80\", \"description\": \"CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)\"}]}], \"providerMetadata\": {\"orgId\": \"f7d6281c-4801-44ce-ace2-493291dedb0f\", \"shortName\": \"Checkmk\", \"dateUpdated\": \"2024-08-26T14:15:32.555Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-38859\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-26T15:22:30.830Z\", \"dateReserved\": \"2024-06-20T10:03:09.178Z\", \"assignerOrgId\": \"f7d6281c-4801-44ce-ace2-493291dedb0f\", \"datePublished\": \"2024-08-26T14:15:32.555Z\", \"assignerShortName\": \"Checkmk\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…