CVE-2024-47094 | THREATINT

Description

Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p22, <2.2.0p37, <2.1.0p50 (EOL) causes remote site secrets to be written to web log files accessible to local site users.

PUBLISHED Reserved 2024-09-18 | Published 2024-11-29 | Updated 2025-09-11 | Assigner Checkmk

MEDIUM: 5.7CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-532: Insertion of Sensitive Information into Log File

Product status

Default status

unaffected

2.3.0 (semver) before 2.3.0p22

affected

2.2.0 (semver) before 2.2.0p37

affected

2.1.0 (semver) before 2.1.0p50

affected

References

checkmk.com/werk/17342

cve.org (CVE-2024-47094)

nvd.nist.gov (CVE-2024-47094)

Download JSON