CVE-2024-38863
Oct. 15, 2024, 12:57 p.m.
Product(s) Impacted
Checkmk
- <2.3.0p18
- <2.2.0p35
- <2.1.0p48
Description
Exposure of CSRF tokens in query parameters on specific requests in Checkmk GmbH's Checkmk versions <2.3.0p18, <2.2.0p35 and <2.1.0p48 could lead to a leak of the token to facilitate targeted phishing attacks.
Weaknesses
CWE-598
Use of GET Request Method With Sensitive Query Strings
The web application uses the HTTP GET method to process a request and includes sensitive information in the query string of that request.
CWE ID: 598
Date
Published: Oct. 14, 2024, 8:15 a.m.
Last Modified: Oct. 15, 2024, 12:57 p.m.
Status: Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
Source
security@checkmk.com
References
https://checkmk.com/
security@checkmk.com