CVSS: 2.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-38863 – CSRF token leaked in URL parameters
https://notcve.org/view.php?id=CVE-2024-38863
Exposure of CSRF tokens in query parameters on specific requests in Checkmk GmbH's Checkmk versions <2.3.0p18, <2.2.0p35 and <2.1.0p48 could lead to a leak of the token to facilitate targeted phishing attacks. La exposición de tokens CSRF en parámetros de consulta en solicitudes específicas en las versiones de Checkmk de Checkmk GmbH <2.3.0p18, <2.2.0p35 y <2.1.0p48 podría provocar una fuga del token para facilitar ataques de phishing dirigidos. • https://checkmk.com/werk/17096 • CWE-598: Use of GET Request Method With Sensitive Query Strings •
CVSS: 5.1EPSS: 0%CPEs: 4EXPL: 0CVE-2024-38862 – SNMP and IMPI secrets written to audit log
https://notcve.org/view.php?id=CVE-2024-38862
Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p18, <2.2.0p35, <2.1.0p48 and <=2.0.0p39 (EOL) causes SNMP and IMPI secrets of host and folder properties to be written to audit log files accessible to administrators. La inserción de información confidencial en el archivo de registro en las versiones de Checkmk de Checkmk GmbH <2.3.0p18, <2.2.0p35, <2.1.0p48 y <=2.0.0p39 (EOL) hace que los secretos SNMP e IMPI de las propiedades del host y de la carpeta se escriban en archivos de registro de auditoría accesibles para los administradores. • https://checkmk.com/werk/17095 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2024-6747 – Information leak in mknotifyd
https://notcve.org/view.php?id=CVE-2024-6747
Information leakage in mknotifyd in Checkmk before 2.3.0p18, 2.2.0p36, 2.1.0p49 and in 2.0.0p39 (EOL) allows attacker to get potentially sensitive data La fuga de información en mknotifyd en Checkmk anterior a 2.3.0p18, 2.2.0p36, 2.1.0p49 y en 2.0.0p39 (EOL) permite a un atacante obtener datos potencialmente confidenciales • https://checkmk.com/werk/17145 • CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: 9.2EPSS: 0%CPEs: 2EXPL: 0CVE-2024-8606 – Fix 2FA bypass via RestAPI
https://notcve.org/view.php?id=CVE-2024-8606
Bypass of two factor authentication in RestAPI in Checkmk < 2.3.0p16 and < 2.2.0p34 allows authenticated users to bypass two factor authentication • https://checkmk.com/werk/16218 • CWE-863: Incorrect Authorization •
CVSS: 5.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-38860 – Reflected links in error message facilitate phishing attacks
https://notcve.org/view.php?id=CVE-2024-38860
Improper neutralization of input in Checkmk before versions 2.3.0p16 and 2.2.0p34 allows attackers to craft malicious links that can facilitate phishing attacks. • https://checkmk.com/werk/17094 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •