PT-2022-16722 · Checkmk · Checkmk
Manuel Sommer
·
Published
2022-02-23
·
Updated
2024-07-23
·
CVE-2022-24566
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Checkmk versions 1.6.0p27 and earlier
Checkmk versions 2.0.0p19 and earlier
Description
The issue arises from the title of a Predefined condition not being properly escaped when shown as a condition, which can result in Cross Site Scripting (XSS).
Recommendations
For Checkmk versions 1.6.0p27 and earlier, update to version 1.6.0p28 to resolve the issue.
For Checkmk versions 2.0.0p19 and earlier, update to version 2.0.0p20 to resolve the issue.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Checkmk