CVE-2024-38863

Summary

Exposure of CSRF tokens in query parameters on specific requests in Checkmk GmbH's Checkmk versions <2.3.0p18, <2.2.0p35 and <2.1.0p48 could lead to a leak of the token to facilitate targeted phishing attacks.

Affected Software

VendorProductVersion RangeStatus
Checkmk GmbHCheckmk2.1.0 < 2.1.0p48affected
Checkmk GmbHCheckmk2.2.0 < 2.2.0p35affected
Checkmk GmbHCheckmk2.3.0 < 2.3.0p18affected

Weaknesses

  • CWE-598: CWE-598: Use of GET Request Method With Sensitive Query Strings

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References