CVE-2024-38863

Oct. 15, 2024, 12:57 p.m.

Product(s) Impacted

Checkmk

  • <2.3.0p18
  • <2.2.0p35
  • <2.1.0p48

Description

Exposure of CSRF tokens in query parameters on specific requests in Checkmk GmbH's Checkmk versions <2.3.0p18, <2.2.0p35 and <2.1.0p48 could lead to a leak of the token to facilitate targeted phishing attacks.

Weaknesses

CWE-598
Use of GET Request Method With Sensitive Query Strings

The web application uses the HTTP GET method to process a request and includes sensitive information in the query string of that request.

CWE ID: 598

Date

Published: Oct. 14, 2024, 8:15 a.m.

Last Modified: Oct. 15, 2024, 12:57 p.m.

Status: Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

Source

security@checkmk.com

References

https://checkmk.com/werk/17096
security@checkmk.com