CVE-2024-38857

Summary

Improper neutralization of input in Checkmk before versions 2.3.0p8, 2.2.0p28, 2.1.0p45, and 2.0.0 (EOL) allows attackers to craft malicious links that can facilitate phishing attacks.

Affected Software

VendorProductVersion RangeStatus
Checkmk GmbHCheckmk2.3.0 < 2.3.0p8affected
Checkmk GmbHCheckmk2.2.0 < 2.2.0p28affected
Checkmk GmbHCheckmk2.1.0 < 2.1.0p45affected
Checkmk GmbHCheckmk2.0.0 <= 2.0.0p39affected

Weaknesses

  • CWE-79: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References