CVE-2022-24565

Published: 24 February 2022

Checkmk <=2.0.0p19 (fixed in 2.0.0p20) and Checkmk <=1.6.0p27 (fixed in 1.6.0p28) are affected by a cross-site scripting (XSS) vulnerability. The Alias of a site was not properly escaped when shown as a condition for notifications.

Notes

Author: 0xnishit
Note:
fix 2.0.0p20: https://github.com/tribe29/checkmk/commit/03152e756198c4663d1f9880ba86c015712d9f18
fix 1.6.0p28: https://github.com/tribe29/checkmk/commit/b8d7b671786cb3261d3721aae39e77e69debd1a5

Priority

Medium

CVSS 3 base score: 5.4

Status

Package: check-mk (Launchpad, Ubuntu, Debian)

Release    Status
bionic     Released (1.2.8p16-1ubuntu0.2)
focal      Does not exist
jammy      Does not exist
trusty     Ignored (out of standard support)
upstream   Released (2.0.0p20, 1.6.0p28)
xenial     Ignored (out of standard support)