What is the severity of CVE-2024-38859?

CVE-2024-38859 has a severity rating that allows attackers to execute arbitrary scripts through Cross-Site Scripting (XSS) vulnerabilities.

How do I fix CVE-2024-38859?

To fix CVE-2024-38859, upgrade to Checkmk versions 2.3.0p14, 2.2.0p33, 2.1.0p47, or later.

Which versions of Checkmk are affected by CVE-2024-38859?

CVE-2024-38859 affects Checkmk versions prior to 2.3.0p14, 2.2.0p33, 2.1.0p47, and 2.0.0.

What type of vulnerability is CVE-2024-38859?

CVE-2024-38859 is a Cross-Site Scripting (XSS) vulnerability that can be exploited through the SLA column in Checkmk.

Who is impacted by CVE-2024-38859?

Users of Checkmk running vulnerable versions before the specified patches are at risk of exploitation from this vulnerability.

Vulnerability/
CVE-2024-38859

medium

6.1

CWE

80 79

26/8/2024

3/12/2024

CVE-2024-38859: XSS in view page with SLA column

First published: Mon Aug 26 2024(Updated: )

XSS in the view page with the SLA column configured in Checkmk versions prior to 2.3.0p14, 2.2.0p33, 2.1.0p47 and 2.0.0 (EOL) allowed malicious users to execute arbitrary scripts by injecting HTML elements into the SLA column title. These scripts could be executed when the view page was cloned by other users.

Credit: security@checkmk.com

Affected Software	Affected Version	How to fix
Checkmk NagVis	=2.0.0
Checkmk NagVis	=2.1.0
Checkmk NagVis	=2.1.0-b1
Checkmk NagVis	=2.1.0-b2
Checkmk NagVis	=2.1.0-b3
Checkmk NagVis	=2.1.0-b4
Checkmk NagVis	=2.1.0-b5
Checkmk NagVis	=2.1.0-b6
Checkmk NagVis	=2.1.0-b7
Checkmk NagVis	=2.1.0-b8
Checkmk NagVis	=2.1.0-b9
Checkmk NagVis	=2.1.0-p1
Checkmk NagVis	=2.1.0-p10
Checkmk NagVis	=2.1.0-p11
Checkmk NagVis	=2.1.0-p12
Checkmk NagVis	=2.1.0-p13
Checkmk NagVis	=2.1.0-p14
Checkmk NagVis	=2.1.0-p15
Checkmk NagVis	=2.1.0-p16
Checkmk NagVis	=2.1.0-p17
Checkmk NagVis	=2.1.0-p18
Checkmk NagVis	=2.1.0-p19
Checkmk NagVis	=2.1.0-p2
Checkmk NagVis	=2.1.0-p20
Checkmk NagVis	=2.1.0-p21
Checkmk NagVis	=2.1.0-p22
Checkmk NagVis	=2.1.0-p23
Checkmk NagVis	=2.1.0-p24
Checkmk NagVis	=2.1.0-p25
Checkmk NagVis	=2.1.0-p26
Checkmk NagVis	=2.1.0-p27
Checkmk NagVis	=2.1.0-p28
Checkmk NagVis	=2.1.0-p29
Checkmk NagVis	=2.1.0-p3
Checkmk NagVis	=2.1.0-p30
Checkmk NagVis	=2.1.0-p31
Checkmk NagVis	=2.1.0-p32
Checkmk NagVis	=2.1.0-p33
Checkmk NagVis	=2.1.0-p34
Checkmk NagVis	=2.1.0-p35
Checkmk NagVis	=2.1.0-p36
Checkmk NagVis	=2.1.0-p37
Checkmk NagVis	=2.1.0-p38
Checkmk NagVis	=2.1.0-p39
Checkmk NagVis	=2.1.0-p4
Checkmk NagVis	=2.1.0-p40
Checkmk NagVis	=2.1.0-p41
Checkmk NagVis	=2.1.0-p42
Checkmk NagVis	=2.1.0-p43
Checkmk NagVis	=2.1.0-p44
Checkmk NagVis	=2.1.0-p45
Checkmk NagVis	=2.1.0-p46
Checkmk NagVis	=2.1.0-p5
Checkmk NagVis	=2.1.0-p6
Checkmk NagVis	=2.1.0-p7
Checkmk NagVis	=2.1.0-p8
Checkmk NagVis	=2.1.0-p9
Checkmk NagVis	=2.2.0
Checkmk NagVis	=2.2.0-b1
Checkmk NagVis	=2.2.0-b2
Checkmk NagVis	=2.2.0-b3
Checkmk NagVis	=2.2.0-b4
Checkmk NagVis	=2.2.0-b5
Checkmk NagVis	=2.2.0-b6
Checkmk NagVis	=2.2.0-b7
Checkmk NagVis	=2.2.0-b8
Checkmk NagVis	=2.2.0-i1
Checkmk NagVis	=2.2.0-p1
Checkmk NagVis	=2.2.0-p10
Checkmk NagVis	=2.2.0-p11
Checkmk NagVis	=2.2.0-p12
Checkmk NagVis	=2.2.0-p13
Checkmk NagVis	=2.2.0-p14
Checkmk NagVis	=2.2.0-p15
Checkmk NagVis	=2.2.0-p16
Checkmk NagVis	=2.2.0-p17
Checkmk NagVis	=2.2.0-p18
Checkmk NagVis	=2.2.0-p19
Checkmk NagVis	=2.2.0-p2
Checkmk NagVis	=2.2.0-p20
Checkmk NagVis	=2.2.0-p21
Checkmk NagVis	=2.2.0-p22
Checkmk NagVis	=2.2.0-p23
Checkmk NagVis	=2.2.0-p24
Checkmk NagVis	=2.2.0-p25
Checkmk NagVis	=2.2.0-p26
Checkmk NagVis	=2.2.0-p27
Checkmk NagVis	=2.2.0-p28
Checkmk NagVis	=2.2.0-p29
Checkmk NagVis	=2.2.0-p3
Checkmk NagVis	=2.2.0-p30
Checkmk NagVis	=2.2.0-p31
Checkmk NagVis	=2.2.0-p32
Checkmk NagVis	=2.2.0-p4
Checkmk NagVis	=2.2.0-p5
Checkmk NagVis	=2.2.0-p6
Checkmk NagVis	=2.2.0-p7
Checkmk NagVis	=2.2.0-p8
Checkmk NagVis	=2.2.0-p9
Checkmk NagVis	=2.3.0
Checkmk NagVis	=2.3.0-b1
Checkmk NagVis	=2.3.0-b2
Checkmk NagVis	=2.3.0-b3
Checkmk NagVis	=2.3.0-b4
Checkmk NagVis	=2.3.0-b5
Checkmk NagVis	=2.3.0-b6
Checkmk NagVis	=2.3.0-p1
Checkmk NagVis	=2.3.0-p10
Checkmk NagVis	=2.3.0-p11
Checkmk NagVis	=2.3.0-p12
Checkmk NagVis	=2.3.0-p13
Checkmk NagVis	=2.3.0-p2
Checkmk NagVis	=2.3.0-p3
Checkmk NagVis	=2.3.0-p4
Checkmk NagVis	=2.3.0-p5
Checkmk NagVis	=2.3.0-p6
Checkmk NagVis	=2.3.0-p7
Checkmk NagVis	=2.3.0-p8
Checkmk NagVis	=2.3.0-p9

Never miss a vulnerability like this again

Reference Links

https://checkmk.com/werk/17026

Frequently Asked Questions

What is the severity of CVE-2024-38859?
CVE-2024-38859 has a severity rating that allows attackers to execute arbitrary scripts through Cross-Site Scripting (XSS) vulnerabilities.
How do I fix CVE-2024-38859?
To fix CVE-2024-38859, upgrade to Checkmk versions 2.3.0p14, 2.2.0p33, 2.1.0p47, or later.
Which versions of Checkmk are affected by CVE-2024-38859?
CVE-2024-38859 affects Checkmk versions prior to 2.3.0p14, 2.2.0p33, 2.1.0p47, and 2.0.0.
What type of vulnerability is CVE-2024-38859?
CVE-2024-38859 is a Cross-Site Scripting (XSS) vulnerability that can be exploited through the SLA column in Checkmk.
Who is impacted by CVE-2024-38859?
Users of Checkmk running vulnerable versions before the specified patches are at risk of exploitation from this vulnerability.

agent/weakness
agent/title
agent/references
agent/type
agent/description
agent/first-publish-date
agent/author
agent/event
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/softwarecombine
agent/source
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/checkmk
canonical/checkmk nagvis
version/checkmk nagvis/2.0.0
version/checkmk nagvis/2.1.0
version/checkmk nagvis/2.1.0-b1
version/checkmk nagvis/2.1.0-b2
version/checkmk nagvis/2.1.0-b3
version/checkmk nagvis/2.1.0-b4
version/checkmk nagvis/2.1.0-b5
version/checkmk nagvis/2.1.0-b6
version/checkmk nagvis/2.1.0-b7
version/checkmk nagvis/2.1.0-b8
version/checkmk nagvis/2.1.0-b9
version/checkmk nagvis/2.1.0-p1
version/checkmk nagvis/2.1.0-p10
version/checkmk nagvis/2.1.0-p11
version/checkmk nagvis/2.1.0-p12
version/checkmk nagvis/2.1.0-p13
version/checkmk nagvis/2.1.0-p14
version/checkmk nagvis/2.1.0-p15
version/checkmk nagvis/2.1.0-p16
version/checkmk nagvis/2.1.0-p17
version/checkmk nagvis/2.1.0-p18
version/checkmk nagvis/2.1.0-p19
version/checkmk nagvis/2.1.0-p2
version/checkmk nagvis/2.1.0-p20
version/checkmk nagvis/2.1.0-p21
version/checkmk nagvis/2.1.0-p22
version/checkmk nagvis/2.1.0-p23
version/checkmk nagvis/2.1.0-p24
version/checkmk nagvis/2.1.0-p25
version/checkmk nagvis/2.1.0-p26
version/checkmk nagvis/2.1.0-p27
version/checkmk nagvis/2.1.0-p28
version/checkmk nagvis/2.1.0-p29
version/checkmk nagvis/2.1.0-p3
version/checkmk nagvis/2.1.0-p30
version/checkmk nagvis/2.1.0-p31
version/checkmk nagvis/2.1.0-p32
version/checkmk nagvis/2.1.0-p33
version/checkmk nagvis/2.1.0-p34
version/checkmk nagvis/2.1.0-p35
version/checkmk nagvis/2.1.0-p36
version/checkmk nagvis/2.1.0-p37
version/checkmk nagvis/2.1.0-p38
version/checkmk nagvis/2.1.0-p39
version/checkmk nagvis/2.1.0-p4
version/checkmk nagvis/2.1.0-p40
version/checkmk nagvis/2.1.0-p41
version/checkmk nagvis/2.1.0-p42
version/checkmk nagvis/2.1.0-p43
version/checkmk nagvis/2.1.0-p44
version/checkmk nagvis/2.1.0-p45
version/checkmk nagvis/2.1.0-p46
version/checkmk nagvis/2.1.0-p5
version/checkmk nagvis/2.1.0-p6
version/checkmk nagvis/2.1.0-p7
version/checkmk nagvis/2.1.0-p8
version/checkmk nagvis/2.1.0-p9
version/checkmk nagvis/2.2.0
version/checkmk nagvis/2.2.0-b1
version/checkmk nagvis/2.2.0-b2
version/checkmk nagvis/2.2.0-b3
version/checkmk nagvis/2.2.0-b4
version/checkmk nagvis/2.2.0-b5
version/checkmk nagvis/2.2.0-b6
version/checkmk nagvis/2.2.0-b7
version/checkmk nagvis/2.2.0-b8
version/checkmk nagvis/2.2.0-i1
version/checkmk nagvis/2.2.0-p1
version/checkmk nagvis/2.2.0-p10
version/checkmk nagvis/2.2.0-p11
version/checkmk nagvis/2.2.0-p12
version/checkmk nagvis/2.2.0-p13
version/checkmk nagvis/2.2.0-p14
version/checkmk nagvis/2.2.0-p15
version/checkmk nagvis/2.2.0-p16
version/checkmk nagvis/2.2.0-p17
version/checkmk nagvis/2.2.0-p18
version/checkmk nagvis/2.2.0-p19
version/checkmk nagvis/2.2.0-p2
version/checkmk nagvis/2.2.0-p20
version/checkmk nagvis/2.2.0-p21
version/checkmk nagvis/2.2.0-p22
version/checkmk nagvis/2.2.0-p23
version/checkmk nagvis/2.2.0-p24
version/checkmk nagvis/2.2.0-p25
version/checkmk nagvis/2.2.0-p26
version/checkmk nagvis/2.2.0-p27
version/checkmk nagvis/2.2.0-p28
version/checkmk nagvis/2.2.0-p29
version/checkmk nagvis/2.2.0-p3
version/checkmk nagvis/2.2.0-p30
version/checkmk nagvis/2.2.0-p31
version/checkmk nagvis/2.2.0-p32
version/checkmk nagvis/2.2.0-p4
version/checkmk nagvis/2.2.0-p5
version/checkmk nagvis/2.2.0-p6
version/checkmk nagvis/2.2.0-p7
version/checkmk nagvis/2.2.0-p8
version/checkmk nagvis/2.2.0-p9
version/checkmk nagvis/2.3.0
version/checkmk nagvis/2.3.0-b1
version/checkmk nagvis/2.3.0-b2
version/checkmk nagvis/2.3.0-b3
version/checkmk nagvis/2.3.0-b4
version/checkmk nagvis/2.3.0-b5
version/checkmk nagvis/2.3.0-b6
version/checkmk nagvis/2.3.0-p1
version/checkmk nagvis/2.3.0-p10
version/checkmk nagvis/2.3.0-p11
version/checkmk nagvis/2.3.0-p12
version/checkmk nagvis/2.3.0-p13
version/checkmk nagvis/2.3.0-p2
version/checkmk nagvis/2.3.0-p3
version/checkmk nagvis/2.3.0-p4
version/checkmk nagvis/2.3.0-p5
version/checkmk nagvis/2.3.0-p6
version/checkmk nagvis/2.3.0-p7
version/checkmk nagvis/2.3.0-p8
version/checkmk nagvis/2.3.0-p9