CVE-2024-28830 – Automation user secrets written to audit log
https://notcve.org/view.php?id=CVE-2024-28830
Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p7, <2.2.0p28, <2.1.0p45 and <=2.0.0p39 (EOL) causes automation user secrets to be written to audit log files accessible to administrators. La inserción de información confidencial en un archivo de registro en las versiones de Checkmk GmbH <2.3.0p7, <2.2.0p28, <2.1.0p45 y <=2.0.0p39 (EOL) hace que los secretos de usuario de automatización se escriban en archivos de registro de auditoría accesibles a los administradores. • https://checkmk.com/werk/17056 • CWE-532: Insertion of Sensitive Information into Log File •
CVE-2024-28832 – XSS in Crash Report Page
https://notcve.org/view.php?id=CVE-2024-28832
Stored XSS in the Crash Report page in Checkmk before versions 2.3.0p7, 2.2.0p28, 2.1.0p45, and 2.0.0 (EOL) allows users with permission to change Global Settings to execute arbitrary scripts by injecting HTML elements into the Crash Report URL in the Global Settings. • https://checkmk.com/werk/17024 • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVE-2024-28831 – XSS in confirmation pop-up
https://notcve.org/view.php?id=CVE-2024-28831
Stored XSS in some confirmation pop-ups in Checkmk before versions 2.3.0p7 and 2.2.0p28 allows Checkmk users to execute arbitrary scripts by injecting HTML elements into some user input fields that are shown in a confirmation pop-up. • https://checkmk.com/werk/17025 • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVE-2024-5741 – XSS in inventory view
https://notcve.org/view.php?id=CVE-2024-5741
Stored XSS in inventory tree rendering in Checkmk before 2.3.0p7, 2.2.0p28, 2.1.0p45 and 2.0.0 (EOL) • https://checkmk.com/werk/17009 • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVE-2024-28833 – Missing brute-force protection for two factor authentication
https://notcve.org/view.php?id=CVE-2024-28833
Improper restriction of excessive authentication attempts with two factor authentication methods in Checkmk 2.3 before 2.3.0p6 facilitates brute-forcing of second factor mechanisms. La restricción inadecuada de intentos de autenticación excesivos con métodos de autenticación de dos factores en Checkmk 2.3 anterior a 2.3.0p6 facilita la fuerza bruta de los mecanismos de segundo factor. • https://checkmk.com/werk/16830 • CWE-307: Improper Restriction of Excessive Authentication Attempts •