PT-2024-28243 · Checkmk · Checkmk
Published: 2024-10-14 · Updated: 2024-12-03 · CVE-2024-38862
CVSS v4.0: 5.1 (Medium)
Vector: AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Checkmk versions <2.3.0p18
Checkmk versions <2.2.0p35
Checkmk versions <2.1.0p48
Checkmk versions <=2.0.0p39 (EOL)
Description
Checkmk inserts sensitive information into log files: SNMP and IPMI secrets set in host and folder properties are written to audit log files that are accessible to administrators. This affects the confidentiality of that information.
Recommendations
For versions <2.3.0p18, update to version 2.3.0p18 or later.
For versions <2.2.0p35, update to version 2.2.0p35 or later.
For versions <2.1.0p48, update to version 2.1.0p48 or later.
For versions <=2.0.0p39 (EOL), update to a supported version, as 2.0.0p39 is end-of-life.
Fix
Insertion into Log File
Affected Products
Checkmk