CVE-2024-28832: XSS in Crash Report Page
First published: Tue Jun 25 2024(Updated: )
Stored XSS in the Crash Report page in Checkmk before versions 2.3.0p7, 2.2.0p28, 2.1.0p45, and 2.0.0 (EOL) allows users with permission to change Global Settings to execute arbitrary scripts by injecting HTML elements into the Crash Report URL in the Global Settings.
Credit: security@checkmk.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Checkmk NagVis | <=2.0.0 | |
| Checkmk NagVis | =2.1.0 | |
| Checkmk NagVis | =2.1.0-b1 | |
| Checkmk NagVis | =2.1.0-b2 | |
| Checkmk NagVis | =2.1.0-b3 | |
| Checkmk NagVis | =2.1.0-b4 | |
| Checkmk NagVis | =2.1.0-b5 | |
| Checkmk NagVis | =2.1.0-b6 | |
| Checkmk NagVis | =2.1.0-b7 | |
| Checkmk NagVis | =2.1.0-b8 | |
| Checkmk NagVis | =2.1.0-b9 | |
| Checkmk NagVis | =2.1.0-p1 | |
| Checkmk NagVis | =2.1.0-p10 | |
| Checkmk NagVis | =2.1.0-p11 | |
| Checkmk NagVis | =2.1.0-p12 | |
| Checkmk NagVis | =2.1.0-p13 | |
| Checkmk NagVis | =2.1.0-p14 | |
| Checkmk NagVis | =2.1.0-p15 | |
| Checkmk NagVis | =2.1.0-p16 | |
| Checkmk NagVis | =2.1.0-p17 | |
| Checkmk NagVis | =2.1.0-p18 | |
| Checkmk NagVis | =2.1.0-p19 | |
| Checkmk NagVis | =2.1.0-p2 | |
| Checkmk NagVis | =2.1.0-p20 | |
| Checkmk NagVis | =2.1.0-p21 | |
| Checkmk NagVis | =2.1.0-p22 | |
| Checkmk NagVis | =2.1.0-p23 | |
| Checkmk NagVis | =2.1.0-p24 | |
| Checkmk NagVis | =2.1.0-p25 | |
| Checkmk NagVis | =2.1.0-p26 | |
| Checkmk NagVis | =2.1.0-p27 | |
| Checkmk NagVis | =2.1.0-p28 | |
| Checkmk NagVis | =2.1.0-p29 | |
| Checkmk NagVis | =2.1.0-p3 | |
| Checkmk NagVis | =2.1.0-p30 | |
| Checkmk NagVis | =2.1.0-p31 | |
| Checkmk NagVis | =2.1.0-p32 | |
| Checkmk NagVis | =2.1.0-p33 | |
| Checkmk NagVis | =2.1.0-p34 | |
| Checkmk NagVis | =2.1.0-p35 | |
| Checkmk NagVis | =2.1.0-p36 | |
| Checkmk NagVis | =2.1.0-p37 | |
| Checkmk NagVis | =2.1.0-p38 | |
| Checkmk NagVis | =2.1.0-p39 | |
| Checkmk NagVis | =2.1.0-p4 | |
| Checkmk NagVis | =2.1.0-p40 | |
| Checkmk NagVis | =2.1.0-p41 | |
| Checkmk NagVis | =2.1.0-p42 | |
| Checkmk NagVis | =2.1.0-p43 | |
| Checkmk NagVis | =2.1.0-p44 | |
| Checkmk NagVis | =2.1.0-p5 | |
| Checkmk NagVis | =2.1.0-p6 | |
| Checkmk NagVis | =2.1.0-p7 | |
| Checkmk NagVis | =2.1.0-p8 | |
| Checkmk NagVis | =2.1.0-p9 | |
| Checkmk NagVis | =2.2.0 | |
| Checkmk NagVis | =2.2.0-b1 | |
| Checkmk NagVis | =2.2.0-b2 | |
| Checkmk NagVis | =2.2.0-b3 | |
| Checkmk NagVis | =2.2.0-b4 | |
| Checkmk NagVis | =2.2.0-b5 | |
| Checkmk NagVis | =2.2.0-b6 | |
| Checkmk NagVis | =2.2.0-b7 | |
| Checkmk NagVis | =2.2.0-b8 | |
| Checkmk NagVis | =2.2.0-i1 | |
| Checkmk NagVis | =2.2.0-p1 | |
| Checkmk NagVis | =2.2.0-p10 | |
| Checkmk NagVis | =2.2.0-p11 | |
| Checkmk NagVis | =2.2.0-p12 | |
| Checkmk NagVis | =2.2.0-p13 | |
| Checkmk NagVis | =2.2.0-p14 | |
| Checkmk NagVis | =2.2.0-p15 | |
| Checkmk NagVis | =2.2.0-p16 | |
| Checkmk NagVis | =2.2.0-p17 | |
| Checkmk NagVis | =2.2.0-p18 | |
| Checkmk NagVis | =2.2.0-p19 | |
| Checkmk NagVis | =2.2.0-p2 | |
| Checkmk NagVis | =2.2.0-p20 | |
| Checkmk NagVis | =2.2.0-p21 | |
| Checkmk NagVis | =2.2.0-p22 | |
| Checkmk NagVis | =2.2.0-p23 | |
| Checkmk NagVis | =2.2.0-p24 | |
| Checkmk NagVis | =2.2.0-p25 | |
| Checkmk NagVis | =2.2.0-p26 | |
| Checkmk NagVis | =2.2.0-p27 | |
| Checkmk NagVis | =2.2.0-p3 | |
| Checkmk NagVis | =2.2.0-p4 | |
| Checkmk NagVis | =2.2.0-p5 | |
| Checkmk NagVis | =2.2.0-p6 | |
| Checkmk NagVis | =2.2.0-p7 | |
| Checkmk NagVis | =2.2.0-p8 | |
| Checkmk NagVis | =2.2.0-p9 | |
| Checkmk NagVis | =2.3.0 | |
| Checkmk NagVis | =2.3.0-b1 | |
| Checkmk NagVis | =2.3.0-b2 | |
| Checkmk NagVis | =2.3.0-b3 | |
| Checkmk NagVis | =2.3.0-b4 | |
| Checkmk NagVis | =2.3.0-b5 | |
| Checkmk NagVis | =2.3.0-b6 | |
| Checkmk NagVis | =2.3.0-p1 | |
| Checkmk NagVis | =2.3.0-p2 | |
| Checkmk NagVis | =2.3.0-p3 | |
| Checkmk NagVis | =2.3.0-p4 | |
| Checkmk NagVis | =2.3.0-p5 | |
| Checkmk NagVis | =2.3.0-p6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-28832?
CVE-2024-28832 is classified as a stored cross-site scripting (XSS) vulnerability.
How can I fix CVE-2024-28832?
To mitigate CVE-2024-28832, it is recommended to upgrade to Checkmk versions 2.3.0p7, 2.2.0p28, 2.1.0p45, or later.
What versions of Checkmk are affected by CVE-2024-28832?
CVE-2024-28832 affects Checkmk versions before 2.3.0p7, 2.2.0p28, 2.1.0p45, and 2.0.0.
Who is vulnerable to CVE-2024-28832?
Users with permission to change Global Settings in affected Checkmk versions are vulnerable to CVE-2024-28832.
What kinds of attacks can CVE-2024-28832 enable?
CVE-2024-28832 can enable attackers to execute arbitrary scripts by injecting HTML elements into the Crash Report page.
- agent/weakness
- agent/title
- agent/references
- agent/first-publish-date
- agent/description
- agent/type
- agent/author
- agent/severity
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/softwarecombine
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/checkmk
- canonical/checkmk nagvis
- version/checkmk nagvis/2.0.0
- version/checkmk nagvis/2.1.0
- version/checkmk nagvis/2.1.0-b1
- version/checkmk nagvis/2.1.0-b2
- version/checkmk nagvis/2.1.0-b3
- version/checkmk nagvis/2.1.0-b4
- version/checkmk nagvis/2.1.0-b5
- version/checkmk nagvis/2.1.0-b6
- version/checkmk nagvis/2.1.0-b7
- version/checkmk nagvis/2.1.0-b8
- version/checkmk nagvis/2.1.0-b9
- version/checkmk nagvis/2.1.0-p1
- version/checkmk nagvis/2.1.0-p10
- version/checkmk nagvis/2.1.0-p11
- version/checkmk nagvis/2.1.0-p12
- version/checkmk nagvis/2.1.0-p13
- version/checkmk nagvis/2.1.0-p14
- version/checkmk nagvis/2.1.0-p15
- version/checkmk nagvis/2.1.0-p16
- version/checkmk nagvis/2.1.0-p17
- version/checkmk nagvis/2.1.0-p18
- version/checkmk nagvis/2.1.0-p19
- version/checkmk nagvis/2.1.0-p2
- version/checkmk nagvis/2.1.0-p20
- version/checkmk nagvis/2.1.0-p21
- version/checkmk nagvis/2.1.0-p22
- version/checkmk nagvis/2.1.0-p23
- version/checkmk nagvis/2.1.0-p24
- version/checkmk nagvis/2.1.0-p25
- version/checkmk nagvis/2.1.0-p26
- version/checkmk nagvis/2.1.0-p27
- version/checkmk nagvis/2.1.0-p28
- version/checkmk nagvis/2.1.0-p29
- version/checkmk nagvis/2.1.0-p3
- version/checkmk nagvis/2.1.0-p30
- version/checkmk nagvis/2.1.0-p31
- version/checkmk nagvis/2.1.0-p32
- version/checkmk nagvis/2.1.0-p33
- version/checkmk nagvis/2.1.0-p34
- version/checkmk nagvis/2.1.0-p35
- version/checkmk nagvis/2.1.0-p36
- version/checkmk nagvis/2.1.0-p37
- version/checkmk nagvis/2.1.0-p38
- version/checkmk nagvis/2.1.0-p39
- version/checkmk nagvis/2.1.0-p4
- version/checkmk nagvis/2.1.0-p40
- version/checkmk nagvis/2.1.0-p41
- version/checkmk nagvis/2.1.0-p42
- version/checkmk nagvis/2.1.0-p43
- version/checkmk nagvis/2.1.0-p44
- version/checkmk nagvis/2.1.0-p5
- version/checkmk nagvis/2.1.0-p6
- version/checkmk nagvis/2.1.0-p7
- version/checkmk nagvis/2.1.0-p8
- version/checkmk nagvis/2.1.0-p9
- version/checkmk nagvis/2.2.0
- version/checkmk nagvis/2.2.0-b1
- version/checkmk nagvis/2.2.0-b2
- version/checkmk nagvis/2.2.0-b3
- version/checkmk nagvis/2.2.0-b4
- version/checkmk nagvis/2.2.0-b5
- version/checkmk nagvis/2.2.0-b6
- version/checkmk nagvis/2.2.0-b7
- version/checkmk nagvis/2.2.0-b8
- version/checkmk nagvis/2.2.0-i1
- version/checkmk nagvis/2.2.0-p1
- version/checkmk nagvis/2.2.0-p10
- version/checkmk nagvis/2.2.0-p11
- version/checkmk nagvis/2.2.0-p12
- version/checkmk nagvis/2.2.0-p13
- version/checkmk nagvis/2.2.0-p14
- version/checkmk nagvis/2.2.0-p15
- version/checkmk nagvis/2.2.0-p16
- version/checkmk nagvis/2.2.0-p17
- version/checkmk nagvis/2.2.0-p18
- version/checkmk nagvis/2.2.0-p19
- version/checkmk nagvis/2.2.0-p2
- version/checkmk nagvis/2.2.0-p20
- version/checkmk nagvis/2.2.0-p21
- version/checkmk nagvis/2.2.0-p22
- version/checkmk nagvis/2.2.0-p23
- version/checkmk nagvis/2.2.0-p24
- version/checkmk nagvis/2.2.0-p25
- version/checkmk nagvis/2.2.0-p26
- version/checkmk nagvis/2.2.0-p27
- version/checkmk nagvis/2.2.0-p3
- version/checkmk nagvis/2.2.0-p4
- version/checkmk nagvis/2.2.0-p5
- version/checkmk nagvis/2.2.0-p6
- version/checkmk nagvis/2.2.0-p7
- version/checkmk nagvis/2.2.0-p8
- version/checkmk nagvis/2.2.0-p9
- version/checkmk nagvis/2.3.0
- version/checkmk nagvis/2.3.0-b1
- version/checkmk nagvis/2.3.0-b2
- version/checkmk nagvis/2.3.0-b3
- version/checkmk nagvis/2.3.0-b4
- version/checkmk nagvis/2.3.0-b5
- version/checkmk nagvis/2.3.0-b6
- version/checkmk nagvis/2.3.0-p1
- version/checkmk nagvis/2.3.0-p2
- version/checkmk nagvis/2.3.0-p3
- version/checkmk nagvis/2.3.0-p4
- version/checkmk nagvis/2.3.0-p5
- version/checkmk nagvis/2.3.0-p6