PT-2023-15698 · Checkmk · Checkmk

Jan Hörsch · Published 2023-02-20 · Updated 2024-07-23 · CVE-2022-48320

CVSS v3.1: 5.4 Medium

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Name of the Vulnerable Software and Affected Versions

Checkmk versions 1.6.0 and earlier
Checkmk versions 2.0.0 through 2.0.0p31
Checkmk versions 2.1.0 through 2.1.0p17

Description

A Cross-site Request Forgery (CSRF) weakness in the affected Checkmk versions allows an attacker to add new visual elements to multiple pages.

Recommendations

For Checkmk versions 1.6.0 and earlier, update to a version that is still supported and has the fix for this issue.
For Checkmk versions 2.0.0 through 2.0.0p31, update to version 2.0.0p32 or later.
For Checkmk versions 2.1.0 through 2.1.0p17, update to version 2.1.0p18 or later.

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2022-48320

Affected Products

Checkmk