What is the severity of CVE-2024-38857?

CVE-2024-38857 has been classified as a medium severity vulnerability.

How do I fix CVE-2024-38857?

To fix CVE-2024-38857, you should upgrade Checkmk to version 2.3.0p8 or later, or to versions 2.2.0p28, 2.1.0p45, or 2.0.0.

Who is affected by CVE-2024-38857?

Any user running Checkmk versions prior to 2.3.0p8, 2.2.0p28, 2.1.0p45, and 2.0.0 is affected by CVE-2024-38857.

What type of vulnerability is CVE-2024-38857?

CVE-2024-38857 is characterized as an improper neutralization of input that may allow for phishing attacks.

Can CVE-2024-38857 be exploited remotely?

Yes, CVE-2024-38857 can be exploited remotely as it involves malicious link crafting.

Vulnerability/
CVE-2024-38857

medium

6.1

CWE

2/7/2024

4/12/2024

CVE-2024-38857: Reflected links in visuals facilitate phishing attacks

First published: Tue Jul 02 2024(Updated: )

Improper neutralization of input in Checkmk before versions 2.3.0p8, 2.2.0p28, 2.1.0p45, and 2.0.0 (EOL) allows attackers to craft malicious links that can facilitate phishing attacks.

Credit: security@checkmk.com

Affected Software	Affected Version	How to fix
Checkmk NagVis	<=2.0.0
Checkmk NagVis	=2.1.0
Checkmk NagVis	=2.1.0-b1
Checkmk NagVis	=2.1.0-b2
Checkmk NagVis	=2.1.0-b3
Checkmk NagVis	=2.1.0-b4
Checkmk NagVis	=2.1.0-b5
Checkmk NagVis	=2.1.0-b6
Checkmk NagVis	=2.1.0-b7
Checkmk NagVis	=2.1.0-b8
Checkmk NagVis	=2.1.0-b9
Checkmk NagVis	=2.1.0-p1
Checkmk NagVis	=2.1.0-p10
Checkmk NagVis	=2.1.0-p11
Checkmk NagVis	=2.1.0-p12
Checkmk NagVis	=2.1.0-p13
Checkmk NagVis	=2.1.0-p14
Checkmk NagVis	=2.1.0-p15
Checkmk NagVis	=2.1.0-p16
Checkmk NagVis	=2.1.0-p17
Checkmk NagVis	=2.1.0-p18
Checkmk NagVis	=2.1.0-p19
Checkmk NagVis	=2.1.0-p2
Checkmk NagVis	=2.1.0-p20
Checkmk NagVis	=2.1.0-p21
Checkmk NagVis	=2.1.0-p22
Checkmk NagVis	=2.1.0-p23
Checkmk NagVis	=2.1.0-p24
Checkmk NagVis	=2.1.0-p25
Checkmk NagVis	=2.1.0-p26
Checkmk NagVis	=2.1.0-p27
Checkmk NagVis	=2.1.0-p28
Checkmk NagVis	=2.1.0-p29
Checkmk NagVis	=2.1.0-p3
Checkmk NagVis	=2.1.0-p30
Checkmk NagVis	=2.1.0-p31
Checkmk NagVis	=2.1.0-p32
Checkmk NagVis	=2.1.0-p33
Checkmk NagVis	=2.1.0-p34
Checkmk NagVis	=2.1.0-p35
Checkmk NagVis	=2.1.0-p36
Checkmk NagVis	=2.1.0-p37
Checkmk NagVis	=2.1.0-p38
Checkmk NagVis	=2.1.0-p39
Checkmk NagVis	=2.1.0-p4
Checkmk NagVis	=2.1.0-p40
Checkmk NagVis	=2.1.0-p41
Checkmk NagVis	=2.1.0-p42
Checkmk NagVis	=2.1.0-p43
Checkmk NagVis	=2.1.0-p44
Checkmk NagVis	=2.1.0-p5
Checkmk NagVis	=2.1.0-p6
Checkmk NagVis	=2.1.0-p7
Checkmk NagVis	=2.1.0-p8
Checkmk NagVis	=2.1.0-p9
Checkmk NagVis	=2.2.0
Checkmk NagVis	=2.2.0-b1
Checkmk NagVis	=2.2.0-b2
Checkmk NagVis	=2.2.0-b3
Checkmk NagVis	=2.2.0-b4
Checkmk NagVis	=2.2.0-b5
Checkmk NagVis	=2.2.0-b6
Checkmk NagVis	=2.2.0-b7
Checkmk NagVis	=2.2.0-b8
Checkmk NagVis	=2.2.0-i1
Checkmk NagVis	=2.2.0-p1
Checkmk NagVis	=2.2.0-p10
Checkmk NagVis	=2.2.0-p11
Checkmk NagVis	=2.2.0-p12
Checkmk NagVis	=2.2.0-p13
Checkmk NagVis	=2.2.0-p14
Checkmk NagVis	=2.2.0-p15
Checkmk NagVis	=2.2.0-p16
Checkmk NagVis	=2.2.0-p17
Checkmk NagVis	=2.2.0-p18
Checkmk NagVis	=2.2.0-p19
Checkmk NagVis	=2.2.0-p2
Checkmk NagVis	=2.2.0-p20
Checkmk NagVis	=2.2.0-p21
Checkmk NagVis	=2.2.0-p22
Checkmk NagVis	=2.2.0-p23
Checkmk NagVis	=2.2.0-p24
Checkmk NagVis	=2.2.0-p25
Checkmk NagVis	=2.2.0-p26
Checkmk NagVis	=2.2.0-p27
Checkmk NagVis	=2.2.0-p3
Checkmk NagVis	=2.2.0-p4
Checkmk NagVis	=2.2.0-p5
Checkmk NagVis	=2.2.0-p6
Checkmk NagVis	=2.2.0-p7
Checkmk NagVis	=2.2.0-p8
Checkmk NagVis	=2.2.0-p9
Checkmk NagVis	=2.3.0
Checkmk NagVis	=2.3.0-b1
Checkmk NagVis	=2.3.0-b2
Checkmk NagVis	=2.3.0-b3
Checkmk NagVis	=2.3.0-b4
Checkmk NagVis	=2.3.0-b5
Checkmk NagVis	=2.3.0-b6
Checkmk NagVis	=2.3.0-p1
Checkmk NagVis	=2.3.0-p2
Checkmk NagVis	=2.3.0-p3
Checkmk NagVis	=2.3.0-p4
Checkmk NagVis	=2.3.0-p5
Checkmk NagVis	=2.3.0-p6
Checkmk NagVis	=2.3.0-p7

Never miss a vulnerability like this again

Reference Links

https://checkmk.com/werk/17059

Frequently Asked Questions

What is the severity of CVE-2024-38857?
CVE-2024-38857 has been classified as a medium severity vulnerability.
How do I fix CVE-2024-38857?
To fix CVE-2024-38857, you should upgrade Checkmk to version 2.3.0p8 or later, or to versions 2.2.0p28, 2.1.0p45, or 2.0.0.
Who is affected by CVE-2024-38857?
Any user running Checkmk versions prior to 2.3.0p8, 2.2.0p28, 2.1.0p45, and 2.0.0 is affected by CVE-2024-38857.
What type of vulnerability is CVE-2024-38857?
CVE-2024-38857 is characterized as an improper neutralization of input that may allow for phishing attacks.
Can CVE-2024-38857 be exploited remotely?
Yes, CVE-2024-38857 can be exploited remotely as it involves malicious link crafting.

agent/weakness
agent/references
agent/title
agent/first-publish-date
agent/description
agent/type
agent/author
agent/event
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/severity
agent/softwarecombine
agent/source
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/checkmk
canonical/checkmk nagvis
version/checkmk nagvis/2.0.0
version/checkmk nagvis/2.1.0
version/checkmk nagvis/2.1.0-b1
version/checkmk nagvis/2.1.0-b2
version/checkmk nagvis/2.1.0-b3
version/checkmk nagvis/2.1.0-b4
version/checkmk nagvis/2.1.0-b5
version/checkmk nagvis/2.1.0-b6
version/checkmk nagvis/2.1.0-b7
version/checkmk nagvis/2.1.0-b8
version/checkmk nagvis/2.1.0-b9
version/checkmk nagvis/2.1.0-p1
version/checkmk nagvis/2.1.0-p10
version/checkmk nagvis/2.1.0-p11
version/checkmk nagvis/2.1.0-p12
version/checkmk nagvis/2.1.0-p13
version/checkmk nagvis/2.1.0-p14
version/checkmk nagvis/2.1.0-p15
version/checkmk nagvis/2.1.0-p16
version/checkmk nagvis/2.1.0-p17
version/checkmk nagvis/2.1.0-p18
version/checkmk nagvis/2.1.0-p19
version/checkmk nagvis/2.1.0-p2
version/checkmk nagvis/2.1.0-p20
version/checkmk nagvis/2.1.0-p21
version/checkmk nagvis/2.1.0-p22
version/checkmk nagvis/2.1.0-p23
version/checkmk nagvis/2.1.0-p24
version/checkmk nagvis/2.1.0-p25
version/checkmk nagvis/2.1.0-p26
version/checkmk nagvis/2.1.0-p27
version/checkmk nagvis/2.1.0-p28
version/checkmk nagvis/2.1.0-p29
version/checkmk nagvis/2.1.0-p3
version/checkmk nagvis/2.1.0-p30
version/checkmk nagvis/2.1.0-p31
version/checkmk nagvis/2.1.0-p32
version/checkmk nagvis/2.1.0-p33
version/checkmk nagvis/2.1.0-p34
version/checkmk nagvis/2.1.0-p35
version/checkmk nagvis/2.1.0-p36
version/checkmk nagvis/2.1.0-p37
version/checkmk nagvis/2.1.0-p38
version/checkmk nagvis/2.1.0-p39
version/checkmk nagvis/2.1.0-p4
version/checkmk nagvis/2.1.0-p40
version/checkmk nagvis/2.1.0-p41
version/checkmk nagvis/2.1.0-p42
version/checkmk nagvis/2.1.0-p43
version/checkmk nagvis/2.1.0-p44
version/checkmk nagvis/2.1.0-p5
version/checkmk nagvis/2.1.0-p6
version/checkmk nagvis/2.1.0-p7
version/checkmk nagvis/2.1.0-p8
version/checkmk nagvis/2.1.0-p9
version/checkmk nagvis/2.2.0
version/checkmk nagvis/2.2.0-b1
version/checkmk nagvis/2.2.0-b2
version/checkmk nagvis/2.2.0-b3
version/checkmk nagvis/2.2.0-b4
version/checkmk nagvis/2.2.0-b5
version/checkmk nagvis/2.2.0-b6
version/checkmk nagvis/2.2.0-b7
version/checkmk nagvis/2.2.0-b8
version/checkmk nagvis/2.2.0-i1
version/checkmk nagvis/2.2.0-p1
version/checkmk nagvis/2.2.0-p10
version/checkmk nagvis/2.2.0-p11
version/checkmk nagvis/2.2.0-p12
version/checkmk nagvis/2.2.0-p13
version/checkmk nagvis/2.2.0-p14
version/checkmk nagvis/2.2.0-p15
version/checkmk nagvis/2.2.0-p16
version/checkmk nagvis/2.2.0-p17
version/checkmk nagvis/2.2.0-p18
version/checkmk nagvis/2.2.0-p19
version/checkmk nagvis/2.2.0-p2
version/checkmk nagvis/2.2.0-p20
version/checkmk nagvis/2.2.0-p21
version/checkmk nagvis/2.2.0-p22
version/checkmk nagvis/2.2.0-p23
version/checkmk nagvis/2.2.0-p24
version/checkmk nagvis/2.2.0-p25
version/checkmk nagvis/2.2.0-p26
version/checkmk nagvis/2.2.0-p27
version/checkmk nagvis/2.2.0-p3
version/checkmk nagvis/2.2.0-p4
version/checkmk nagvis/2.2.0-p5
version/checkmk nagvis/2.2.0-p6
version/checkmk nagvis/2.2.0-p7
version/checkmk nagvis/2.2.0-p8
version/checkmk nagvis/2.2.0-p9
version/checkmk nagvis/2.3.0
version/checkmk nagvis/2.3.0-b1
version/checkmk nagvis/2.3.0-b2
version/checkmk nagvis/2.3.0-b3
version/checkmk nagvis/2.3.0-b4
version/checkmk nagvis/2.3.0-b5
version/checkmk nagvis/2.3.0-b6
version/checkmk nagvis/2.3.0-p1
version/checkmk nagvis/2.3.0-p2
version/checkmk nagvis/2.3.0-p3
version/checkmk nagvis/2.3.0-p4
version/checkmk nagvis/2.3.0-p5
version/checkmk nagvis/2.3.0-p6
version/checkmk nagvis/2.3.0-p7