CVE-2024-47094

Dec. 3, 2024, 8:01 p.m.

5.5
Medium

Description

Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p22, <2.2.0p37, <2.1.0p50 (EOL) causes remote site secrets to be written to web log files accessible to local site users.

Product(s) Impacted

Vendor Product Versions
Checkmk
  • Checkmk
  • 2.1.0, 2.2.0, 2.3.0

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-532
Insertion of Sensitive Information into Log File
Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a checkmk checkmk 2.1.0 / / / / / / /
a checkmk checkmk 2.2.0 - / / / / / /
a checkmk checkmk 2.2.0 b1 / / / / / /
a checkmk checkmk 2.2.0 b2 / / / / / /
a checkmk checkmk 2.2.0 b3 / / / / / /
a checkmk checkmk 2.2.0 b4 / / / / / /
a checkmk checkmk 2.2.0 b5 / / / / / /
a checkmk checkmk 2.2.0 b6 / / / / / /
a checkmk checkmk 2.2.0 b7 / / / / / /
a checkmk checkmk 2.2.0 b8 / / / / / /
a checkmk checkmk 2.2.0 i1 / / / / / /
a checkmk checkmk 2.2.0 p1 / / / / / /
a checkmk checkmk 2.2.0 p10 / / / / / /
a checkmk checkmk 2.2.0 p11 / / / / / /
a checkmk checkmk 2.2.0 p12 / / / / / /
a checkmk checkmk 2.2.0 p13 / / / / / /
a checkmk checkmk 2.2.0 p14 / / / / / /
a checkmk checkmk 2.2.0 p15 / / / / / /
a checkmk checkmk 2.2.0 p16 / / / / / /
a checkmk checkmk 2.2.0 p17 / / / / / /
a checkmk checkmk 2.2.0 p18 / / / / / /
a checkmk checkmk 2.2.0 p19 / / / / / /
a checkmk checkmk 2.2.0 p2 / / / / / /
a checkmk checkmk 2.2.0 p20 / / / / / /
a checkmk checkmk 2.2.0 p21 / / / / / /
a checkmk checkmk 2.2.0 p22 / / / / / /
a checkmk checkmk 2.2.0 p23 / / / / / /
a checkmk checkmk 2.2.0 p24 / / / / / /
a checkmk checkmk 2.2.0 p25 / / / / / /
a checkmk checkmk 2.2.0 p26 / / / / / /
a checkmk checkmk 2.2.0 p27 / / / / / /
a checkmk checkmk 2.2.0 p28 / / / / / /
a checkmk checkmk 2.2.0 p29 / / / / / /
a checkmk checkmk 2.2.0 p3 / / / / / /
a checkmk checkmk 2.2.0 p30 / / / / / /
a checkmk checkmk 2.2.0 p31 / / / / / /
a checkmk checkmk 2.2.0 p32 / / / / / /
a checkmk checkmk 2.2.0 p33 / / / / / /
a checkmk checkmk 2.2.0 p34 / / / / / /
a checkmk checkmk 2.2.0 p35 / / / / / /
a checkmk checkmk 2.2.0 p36 / / / / / /
a checkmk checkmk 2.2.0 p4 / / / / / /
a checkmk checkmk 2.2.0 p5 / / / / / /
a checkmk checkmk 2.2.0 p6 / / / / / /
a checkmk checkmk 2.2.0 p7 / / / / / /
a checkmk checkmk 2.2.0 p8 / / / / / /
a checkmk checkmk 2.2.0 p9 / / / / / /
a checkmk checkmk 2.3.0 - / / / / / /
a checkmk checkmk 2.3.0 b1 / / / / / /
a checkmk checkmk 2.3.0 b2 / / / / / /
a checkmk checkmk 2.3.0 b3 / / / / / /
a checkmk checkmk 2.3.0 b4 / / / / / /
a checkmk checkmk 2.3.0 b5 / / / / / /
a checkmk checkmk 2.3.0 b6 / / / / / /
a checkmk checkmk 2.3.0 p1 / / / / / /
a checkmk checkmk 2.3.0 p10 / / / / / /
a checkmk checkmk 2.3.0 p11 / / / / / /
a checkmk checkmk 2.3.0 p12 / / / / / /
a checkmk checkmk 2.3.0 p13 / / / / / /
a checkmk checkmk 2.3.0 p14 / / / / / /
a checkmk checkmk 2.3.0 p15 / / / / / /
a checkmk checkmk 2.3.0 p16 / / / / / /
a checkmk checkmk 2.3.0 p17 / / / / / /
a checkmk checkmk 2.3.0 p18 / / / / / /
a checkmk checkmk 2.3.0 p19 / / / / / /
a checkmk checkmk 2.3.0 p2 / / / / / /
a checkmk checkmk 2.3.0 p20 / / / / / /
a checkmk checkmk 2.3.0 p21 / / / / / /
a checkmk checkmk 2.3.0 p3 / / / / / /
a checkmk checkmk 2.3.0 p4 / / / / / /
a checkmk checkmk 2.3.0 p5 / / / / / /
a checkmk checkmk 2.3.0 p6 / / / / / /
a checkmk checkmk 2.3.0 p7 / / / / / /
a checkmk checkmk 2.3.0 p8 / / / / / /
a checkmk checkmk 2.3.0 p9 / / / / / /

References

https://checkmk.com/werk/17342

Tags

CWE-532
security@checkmk.com
2024-11-29
CVE-2024-47094

CVSS Score

5.5 / 10

CVSS Data - 3.1

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: NONE
  • Availability Impact: NONE

    • CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

    View Vector String

Timeline

Published: Nov. 29, 2024, 10:15 a.m.
Last Modified: Dec. 3, 2024, 8:01 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security@checkmk.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.