CVE-2024-38862
Published 2024-10-14
Priority P4 · 18 · medium · 4.4 · CVSS 3.1
AV:L / AC:L / PR:H / UI:N / S:U / C:H / I:N / A:N
EPSS: 0.32% (23.9th percentile)
Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p18, <2.2.0p35, <2.1.0p48 and <=2.0.0p39 (EOL) causes SNMP and IPMI secrets of host and folder properties to be written to audit log files accessible to administrators.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| checkmk | checkmk | — | — |
| checkmk | checkmk | — | — |
| checkmk | checkmk | — | — |
| checkmk | checkmk | — | — |
| checkmk_gmbh | checkmk | 2.0.0 – 2.0.0p39 | — |
| checkmk_gmbh | checkmk | >= 2.1.0 < 2.1.0p48 | 2.1.0p48 |
| checkmk_gmbh | checkmk | >= 2.2.0 < 2.2.0p35 | 2.2.0p35 |
| checkmk_gmbh | checkmk | >= 2.3.0 < 2.3.0p18 | 2.3.0p18 |
CVSS provenance
nvd · v3.1 · 4.4 · MEDIUM · CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
nvd · v4.0 · 5.1 · MEDIUM · CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
osv · 2.0 · LOW
OSV
CVE-2024-38862: Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2
osv·2024-10-14·CVSS 2.0
CVE-2024-38862 [LOW] CVE-2024-38862: Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2
GHSA
GHSA-mwrq-qv64-xgq7: Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2
ghsa_unreviewed·2024-10-14
CVE-2024-38862 [MEDIUM] CWE-532 GHSA-mwrq-qv64-xgq7: Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-10-14