Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2022-24565

Published: 24 February 2022

Checkmk <=2.0.0p19 Fixed in 2.0.0p20 and Checkmk <=1.6.0p27 Fixed in 1.6.0p28 are affected by a Cross Site Scripting (XSS) vulnerability. The Alias of a site was not properly escaped when shown as condition for notifications.

Notes

AuthorNote
0xnishit 
fix 2.0.0p20: https://github.com/tribe29/checkmk/commit/03152e756198c4663d1f9880ba86c015712d9f18
fix 1.6.0p28: https://github.com/tribe29/checkmk/commit/b8d7b671786cb3261d3721aae39e77e69debd1a5
Priority

Medium

CVSS 3 base score: 5.4

Status

Package Release Status
check-mk
Launchpad, Ubuntu, Debian 		bionic
Released (1.2.8p16-1ubuntu0.2)
focal Does not exist

jammy Does not exist

trusty Ignored
(out of standard support)
upstream
Released (2.0.0p20, 1.6.0p28)
xenial
Released (1.2.6p12-1ubuntu0.16.04.1+esm1)

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading