PT-2024-22598 · Checkmk · Checkmk

Published

2024-06-26

Updated

2024-12-04

CVE-2024-28830

CVSS v3.1

2.7

Low

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Checkmk versions prior to 2.3.0p7 Checkmk versions prior to 2.2.0p28 Checkmk versions prior to 2.1.0p45 Checkmk versions prior to or equal to 2.0.0p39

Description The issue allows sensitive information to be inserted into log files, causing automation user secrets to be written to audit log files. These log files are accessible to administrators.

Recommendations For versions prior to 2.3.0p7, update to version 2.3.0p7 or later. For versions prior to 2.2.0p28, update to version 2.2.0p28 or later. For versions prior to 2.1.0p45, update to version 2.1.0p45 or later. For versions prior to or equal to 2.0.0p39, consider upgrading to a supported version, as 2.0.0p39 is end-of-life.

Fix

Insertion into Log File

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-532

Related Identifiers

CVE-2024-28830

Affected Products

Checkmk

PT-2024-22598 · Checkmk · Checkmk

CVE-2024-28830

Weakness Enumeration

Related Identifiers

Affected Products

References · 6