What is CVE-2022-24566?

CVE-2022-24566 is a vulnerability in Checkmk <=2.0.0p19 fixed in 2.0.0p20 and Checkmk <=1.6.0p27 fixed in 1.6.0p28 that allows for Cross Site Scripting (XSS) through improper escaping of a Predefined condition's title.

How severe is CVE-2022-24566?

CVE-2022-24566 has a severity rating of medium with a CVSS score of 5.4 out of 10.

What software versions are affected by CVE-2022-24566?

CVE-2022-24566 affects Checkmk versions 1.6.0 and 2.0.0, specifically versions up to 1.6.0p19 and 2.0.0p19 respectively.

How can I fix CVE-2022-24566?

To fix CVE-2022-24566, it is recommended to update Checkmk to version 2.0.0p20 or higher for Checkmk 2.0.0, and version 1.6.0p28 or higher for Checkmk 1.6.0.

Where can I find more information about CVE-2022-24566?

You can find more information about CVE-2022-24566 on the official Checkmk website at the following link: [CVE-2022-24566](https://checkmk.com/werk/13717).

Vulnerability/
CVE-2022-24566

medium

5.4

CWE

23/2/2022

3/8/2024

CVE-2022-24566: XSS

Q: How severe is CVE-2022-24566?

CVE-2022-24566 has a severity rating of medium with a CVSS score of 5.4 out of 10.

Q: What software versions are affected by CVE-2022-24566?

CVE-2022-24566 affects Checkmk versions 1.6.0 and 2.0.0, specifically versions up to 1.6.0p19 and 2.0.0p19 respectively.

Q: How can I fix CVE-2022-24566?

To fix CVE-2022-24566, it is recommended to update Checkmk to version 2.0.0p20 or higher for Checkmk 2.0.0, and version 1.6.0p28 or higher for Checkmk 1.6.0.

Q: Where can I find more information about CVE-2022-24566?

You can find more information about CVE-2022-24566 on the official Checkmk website at the following link: [CVE-2022-24566](https://checkmk.com/werk/13717).

First published: Wed Feb 23 2022(Updated: )

In Checkmk <=2.0.0p19 fixed in 2.0.0p20 and Checkmk <=1.6.0p27 fixed in 1.6.0p28, the title of a Predefined condition is not properly escaped when shown as condition, which can result in Cross Site Scripting (XSS).

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Checkmk NagVis	=1.6.0
Checkmk NagVis	=1.6.0-b1
Checkmk NagVis	=1.6.0-b10
Checkmk NagVis	=1.6.0-b12
Checkmk NagVis	=1.6.0-b3
Checkmk NagVis	=1.6.0-b4
Checkmk NagVis	=1.6.0-b5
Checkmk NagVis	=1.6.0-b9
Checkmk NagVis	=1.6.0-p1
Checkmk NagVis	=1.6.0-p10
Checkmk NagVis	=1.6.0-p11
Checkmk NagVis	=1.6.0-p12
Checkmk NagVis	=1.6.0-p13
Checkmk NagVis	=1.6.0-p14
Checkmk NagVis	=1.6.0-p15
Checkmk NagVis	=1.6.0-p16
Checkmk NagVis	=1.6.0-p19
Checkmk NagVis	=1.6.0-p2
Checkmk NagVis	=1.6.0-p20
Checkmk NagVis	=1.6.0-p21
Checkmk NagVis	=1.6.0-p22
Checkmk NagVis	=1.6.0-p23
Checkmk NagVis	=1.6.0-p24
Checkmk NagVis	=1.6.0-p25
Checkmk NagVis	=1.6.0-p26
Checkmk NagVis	=1.6.0-p27
Checkmk NagVis	=2.0.0
Checkmk NagVis	=2.0.0-b1
Checkmk NagVis	=2.0.0-b2
Checkmk NagVis	=2.0.0-b3
Checkmk NagVis	=2.0.0-b4
Checkmk NagVis	=2.0.0-b5
Checkmk NagVis	=2.0.0-b6
Checkmk NagVis	=2.0.0-b7
Checkmk NagVis	=2.0.0-b8
Checkmk NagVis	=2.0.0-i1
Checkmk NagVis	=2.0.0-p1
Checkmk NagVis	=2.0.0-p10
Checkmk NagVis	=2.0.0-p11
Checkmk NagVis	=2.0.0-p12
Checkmk NagVis	=2.0.0-p13
Checkmk NagVis	=2.0.0-p14
Checkmk NagVis	=2.0.0-p15
Checkmk NagVis	=2.0.0-p16
Checkmk NagVis	=2.0.0-p17
Checkmk NagVis	=2.0.0-p18
Checkmk NagVis	=2.0.0-p19
Checkmk NagVis	=1.6.0
Checkmk NagVis	=1.6.0-b1
Checkmk NagVis	=1.6.0-b10
Checkmk NagVis	=1.6.0-b12
Checkmk NagVis	=1.6.0-b3
Checkmk NagVis	=1.6.0-b4
Checkmk NagVis	=1.6.0-b5
Checkmk NagVis	=1.6.0-b9
Checkmk NagVis	=1.6.0-p1
Checkmk NagVis	=1.6.0-p10
Checkmk NagVis	=1.6.0-p11
Checkmk NagVis	=1.6.0-p12
Checkmk NagVis	=1.6.0-p13
Checkmk NagVis	=1.6.0-p14
Checkmk NagVis	=1.6.0-p15
Checkmk NagVis	=1.6.0-p16
Checkmk NagVis	=1.6.0-p19
Checkmk NagVis	=1.6.0-p2
Checkmk NagVis	=1.6.0-p20
Checkmk NagVis	=1.6.0-p21
Checkmk NagVis	=1.6.0-p22
Checkmk NagVis	=1.6.0-p23
Checkmk NagVis	=1.6.0-p24
Checkmk NagVis	=1.6.0-p25
Checkmk NagVis	=1.6.0-p26
Checkmk NagVis	=1.6.0-p27
Checkmk NagVis	=2.0.0
Checkmk NagVis	=2.0.0-b1
Checkmk NagVis	=2.0.0-b2
Checkmk NagVis	=2.0.0-b3
Checkmk NagVis	=2.0.0-b4
Checkmk NagVis	=2.0.0-b5
Checkmk NagVis	=2.0.0-b6
Checkmk NagVis	=2.0.0-b7
Checkmk NagVis	=2.0.0-b8
Checkmk NagVis	=2.0.0-i1
Checkmk NagVis	=2.0.0-p1
Checkmk NagVis	=2.0.0-p10
Checkmk NagVis	=2.0.0-p11
Checkmk NagVis	=2.0.0-p12
Checkmk NagVis	=2.0.0-p13
Checkmk NagVis	=2.0.0-p14
Checkmk NagVis	=2.0.0-p15
Checkmk NagVis	=2.0.0-p16
Checkmk NagVis	=2.0.0-p17
Checkmk NagVis	=2.0.0-p18
Checkmk NagVis	=2.0.0-p19

Never miss a vulnerability like this again

Reference Links

https://checkmk.com/werk/13717

Frequently Asked Questions

What is CVE-2022-24566?
CVE-2022-24566 is a vulnerability in Checkmk <=2.0.0p19 fixed in 2.0.0p20 and Checkmk <=1.6.0p27 fixed in 1.6.0p28 that allows for Cross Site Scripting (XSS) through improper escaping of a Predefined condition's title.
How severe is CVE-2022-24566?
CVE-2022-24566 has a severity rating of medium with a CVSS score of 5.4 out of 10.
What software versions are affected by CVE-2022-24566?
CVE-2022-24566 affects Checkmk versions 1.6.0 and 2.0.0, specifically versions up to 1.6.0p19 and 2.0.0p19 respectively.
How can I fix CVE-2022-24566?
To fix CVE-2022-24566, it is recommended to update Checkmk to version 2.0.0p20 or higher for Checkmk 2.0.0, and version 1.6.0p28 or higher for Checkmk 1.6.0.
Where can I find more information about CVE-2022-24566?
You can find more information about CVE-2022-24566 on the official Checkmk website at the following link: [CVE-2022-24566](https://checkmk.com/werk/13717).

agent/type
agent/severity
agent/author
agent/references
agent/weakness
agent/description
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-api
source/NVD
agent/software-canonical-lookup
vendor/tribe29
canonical/checkmk nagvis
version/checkmk nagvis/1.6.0
version/checkmk nagvis/1.6.0-b1
version/checkmk nagvis/1.6.0-b10
version/checkmk nagvis/1.6.0-b12
version/checkmk nagvis/1.6.0-b3
version/checkmk nagvis/1.6.0-b4
version/checkmk nagvis/1.6.0-b5
version/checkmk nagvis/1.6.0-b9
version/checkmk nagvis/1.6.0-p1
version/checkmk nagvis/1.6.0-p10
version/checkmk nagvis/1.6.0-p11
version/checkmk nagvis/1.6.0-p12
version/checkmk nagvis/1.6.0-p13
version/checkmk nagvis/1.6.0-p14
version/checkmk nagvis/1.6.0-p15
version/checkmk nagvis/1.6.0-p16
version/checkmk nagvis/1.6.0-p19
version/checkmk nagvis/1.6.0-p2
version/checkmk nagvis/1.6.0-p20
version/checkmk nagvis/1.6.0-p21
version/checkmk nagvis/1.6.0-p22
version/checkmk nagvis/1.6.0-p23
version/checkmk nagvis/1.6.0-p24
version/checkmk nagvis/1.6.0-p25
version/checkmk nagvis/1.6.0-p26
version/checkmk nagvis/1.6.0-p27
version/checkmk nagvis/2.0.0
version/checkmk nagvis/2.0.0-b1
version/checkmk nagvis/2.0.0-b2
version/checkmk nagvis/2.0.0-b3
version/checkmk nagvis/2.0.0-b4
version/checkmk nagvis/2.0.0-b5
version/checkmk nagvis/2.0.0-b6
version/checkmk nagvis/2.0.0-b7
version/checkmk nagvis/2.0.0-b8
version/checkmk nagvis/2.0.0-i1
version/checkmk nagvis/2.0.0-p1
version/checkmk nagvis/2.0.0-p10
version/checkmk nagvis/2.0.0-p11
version/checkmk nagvis/2.0.0-p12
version/checkmk nagvis/2.0.0-p13
version/checkmk nagvis/2.0.0-p14
version/checkmk nagvis/2.0.0-p15
version/checkmk nagvis/2.0.0-p16
version/checkmk nagvis/2.0.0-p17
version/checkmk nagvis/2.0.0-p18
version/checkmk nagvis/2.0.0-p19
vendor/checkmk