CVE-2024-38862

Oct. 15, 2024, 12:57 p.m.

Tags

CWE-532
security@checkmk.com
2024-10-14
CVE-2024-38862

Product(s) Impacted

Checkmk

  • <2.3.0p18
  • <2.2.0p35
  • <2.1.0p48
  • <=2.0.0p39 (EOL)

Description

Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p18, <2.2.0p35, <2.1.0p48 and <=2.0.0p39 (EOL) causes SNMP and IMPI secrets of host and folder properties to be written to audit log files accessible to administrators.

Weaknesses

CWE-532
Insertion of Sensitive Information into Log File

Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

CWE ID: 532

Date

Published: Oct. 14, 2024, 8:15 a.m.

Last Modified: Oct. 15, 2024, 12:57 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security@checkmk.com

References

https://checkmk.com/werk/17095
security@checkmk.com