CVE-2024-47094
Published 2024-11-29
CVE-2024-47094: Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p22, <2.2.0p37, <2.1.0p50 (EOL) causes remote site secrets to be…
Priority P4 · 22 · medium · 5.5 (CVSS 3.1)
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.21% (11.5th percentile)
Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p22, <2.2.0p37, <2.1.0p50 (EOL) causes remote site secrets to be written to web log files accessible to local site users.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| checkmk | checkmk | — | — |
| checkmk | checkmk | — | — |
| checkmk | checkmk | — | — |
| checkmk_gmbh | checkmk | >= 2.1.0 < 2.1.0p50 | 2.1.0p50 |
| checkmk_gmbh | checkmk | >= 2.2.0 < 2.2.0p37 | 2.2.0p37 |
| checkmk_gmbh | checkmk | >= 2.3.0 < 2.3.0p22 | 2.3.0p22 |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| nvd | v4.0 | 5.7 | MEDIUM | CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| osv | — | 5.7 | MEDIUM | — |
OSV
CVE-2024-47094: Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2
osv·2024-11-29·CVSS 5.7
CVE-2024-47094 [MEDIUM] CVE-2024-47094: Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2
GHSA
GHSA-f63f-f9wj-5wjg: Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2
ghsa_unreviewed·2024-11-29
CVE-2024-47094 [MEDIUM] CWE-532 GHSA-f63f-f9wj-5wjg: Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-11-29