Home

Description

Cross-Site request forgery in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, and <= 2.0.0p39 (EOL) could lead to 1-click compromize of the site.

PUBLISHED Reserved 2024-03-11 | Published 2024-07-10 | Updated 2024-08-02 | Assigner Checkmk




HIGH: 8.8CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Problem types

CWE-352: Cross-Site Request Forgery (CSRF)

Product status

Default status
unaffected

2.3.0 (semver) before 2.3.0p8
affected

2.2.0 (semver) before 2.2.0p29
affected

2.1.0 (semver) before 2.1.0p45
affected

2.0.0 (semver)
affected

Credits

PS Positive Security GmbH reporter

References

checkmk.com/werk/17090

cve.org (CVE-2024-28828)

nvd.nist.gov (CVE-2024-28828)

Download JSON