fkie_nvd - fkie_cve-2022-24564

fkie_cve-2022-24564

Vulnerability from fkie_nvd

Published

2022-02-21 23:15

Modified

2024-11-21 06:50

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

Checkmk <=2.0.0p19 contains a Cross Site Scripting (XSS) vulnerability. While creating or editing a user attribute, the Help Text is subject to HTML injection, which can be triggered for editing a user.

References

▶	URL	Tags
	cve@mitre.org	https://checkmk.com/werk/13199	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://checkmk.com/werk/13199	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
checkmk	checkmk	2.0.0
checkmk	checkmk	2.0.0
checkmk	checkmk	2.0.0
checkmk	checkmk	2.0.0
checkmk	checkmk	2.0.0
checkmk	checkmk	2.0.0
checkmk	checkmk	2.0.0
checkmk	checkmk	2.0.0
checkmk	checkmk	2.0.0
checkmk	checkmk	2.0.0
checkmk	checkmk	2.0.0
checkmk	checkmk	2.0.0
checkmk	checkmk	2.0.0
checkmk	checkmk	2.0.0
checkmk	checkmk	2.0.0
checkmk	checkmk	2.0.0
checkmk	checkmk	2.0.0
checkmk	checkmk	2.0.0
checkmk	checkmk	2.0.0
checkmk	checkmk	2.0.0
checkmk	checkmk	2.0.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "F8EDFDCA-0778-4540-B1D5-D3A986258028",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b1:*:*:*:*:*:*",
              "matchCriteriaId": "54031390-D7E7-4A14-AA2F-923768B3685F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b2:*:*:*:*:*:*",
              "matchCriteriaId": "F1B7E35F-5A07-424E-AA09-AC54104D612B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b3:*:*:*:*:*:*",
              "matchCriteriaId": "8D4AC302-C8F5-4A2B-A73A-982D0AA2495A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b4:*:*:*:*:*:*",
              "matchCriteriaId": "7A058C71-C39E-4109-B570-4A061013D033",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b5:*:*:*:*:*:*",
              "matchCriteriaId": "22BCFA79-B3D6-4FFF-A3D3-8C4C97AF17C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b6:*:*:*:*:*:*",
              "matchCriteriaId": "2A1703D9-8EEB-432D-90E2-F847CDC4C204",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b7:*:*:*:*:*:*",
              "matchCriteriaId": "1A4C72BA-6D78-4911-83E4-4DABB2CAC47F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:b8:*:*:*:*:*:*",
              "matchCriteriaId": "081FD127-1066-4019-B521-9FADB85DBD4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:i1:*:*:*:*:*:*",
              "matchCriteriaId": "C1A4F005-4823-4B2B-B4EF-4EFDB04CFB9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p1:*:*:*:*:*:*",
              "matchCriteriaId": "357240B1-F0DA-4FA8-B782-D998951F4B54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p10:*:*:*:*:*:*",
              "matchCriteriaId": "2F828F54-04E2-4B98-91A7-B09ED833E88B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p11:*:*:*:*:*:*",
              "matchCriteriaId": "A4B8B300-8264-40AB-A839-7EACB988163B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p12:*:*:*:*:*:*",
              "matchCriteriaId": "EB76A8DF-C870-482F-A488-DB2917ABD971",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p13:*:*:*:*:*:*",
              "matchCriteriaId": "04947B1B-CF67-4C11-8FE3-6C17FD35E2EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p14:*:*:*:*:*:*",
              "matchCriteriaId": "591AEC3C-2F48-4E91-9881-42EEDD039C5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p15:*:*:*:*:*:*",
              "matchCriteriaId": "C5CA04C8-2C80-4C7E-B329-3FFCBEDEE663",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p16:*:*:*:*:*:*",
              "matchCriteriaId": "47A1C5AC-C8B7-495A-A5F4-CD4790358A2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p17:*:*:*:*:*:*",
              "matchCriteriaId": "B87D8B46-5B04-460D-BBA1-BB19234DA19D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p18:*:*:*:*:*:*",
              "matchCriteriaId": "C59EA30A-0B7D-4E58-A503-8C2F16B45004",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.0.0:p19:*:*:*:*:*:*",
              "matchCriteriaId": "F2849E4C-09D1-48A5-B28E-F7A4CD3E8967",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Checkmk \u003c=2.0.0p19 contains a Cross Site Scripting (XSS) vulnerability. While creating or editing a user attribute, the Help Text is subject to HTML injection, which can be triggered for editing a user."
    },
    {
      "lang": "es",
      "value": "Checkmk versiones anteriores a 2.0.0p19 incluy\u00e9ndola, contiene una vulnerabilidad de tipo Cross Site Scripting (XSS). Al crear o editar un atributo de usuario, el texto de ayuda est\u00e1 sujeto a la inyecci\u00f3n de HTML, que puede ser desencadenado para editar un usuario"
    }
  ],
  "id": "CVE-2022-24564",
  "lastModified": "2024-11-21T06:50:39.890",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-02-21T23:15:07.717",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://checkmk.com/werk/13199"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://checkmk.com/werk/13199"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2022-24564 (GCVE-0-2022-24564)

Vulnerability from cvelistv5

Published

2022-02-21 22:14

Modified

2024-08-03 04:13

Severity ?

CWE

Summary

References

►

URL

Tags

https://checkmk.com/werk/13199

x_refsource_MISC