What is the severity of CVE-2024-47094?

CVE-2024-47094 has been classified with a high severity due to the potential exposure of sensitive data.

How do I fix CVE-2024-47094?

To fix CVE-2024-47094, upgrade to Checkmk version 2.3.0p22 or later.

What versions of Checkmk are affected by CVE-2024-47094?

CVE-2024-47094 affects Checkmk versions earlier than 2.3.0p22, 2.2.0p37, and 2.1.0p50.

What type of vulnerability is CVE-2024-47094?

CVE-2024-47094 is an information disclosure vulnerability that causes sensitive site secrets to be logged.

Who is affected by CVE-2024-47094?

Local site users may be at risk due to their access to web log files containing sensitive information.

Vulnerability/
CVE-2024-47094

medium

5.7

CWE

532

29/11/2024

3/12/2024

CVE-2024-47094: Logging of sitesecret to automations log

First published: Fri Nov 29 2024(Updated: )

Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p22, <2.2.0p37, <2.1.0p50 (EOL) causes remote site secrets to be written to web log files accessible to local site users.

Credit: security@checkmk.com

Affected Software	Affected Version	How to fix
Checkmk NagVis	=2.1.0
Checkmk NagVis	=2.2.0
Checkmk NagVis	=2.2.0-b1
Checkmk NagVis	=2.2.0-b2
Checkmk NagVis	=2.2.0-b3
Checkmk NagVis	=2.2.0-b4
Checkmk NagVis	=2.2.0-b5
Checkmk NagVis	=2.2.0-b6
Checkmk NagVis	=2.2.0-b7
Checkmk NagVis	=2.2.0-b8
Checkmk NagVis	=2.2.0-i1
Checkmk NagVis	=2.2.0-p1
Checkmk NagVis	=2.2.0-p10
Checkmk NagVis	=2.2.0-p11
Checkmk NagVis	=2.2.0-p12
Checkmk NagVis	=2.2.0-p13
Checkmk NagVis	=2.2.0-p14
Checkmk NagVis	=2.2.0-p15
Checkmk NagVis	=2.2.0-p16
Checkmk NagVis	=2.2.0-p17
Checkmk NagVis	=2.2.0-p18
Checkmk NagVis	=2.2.0-p19
Checkmk NagVis	=2.2.0-p2
Checkmk NagVis	=2.2.0-p20
Checkmk NagVis	=2.2.0-p21
Checkmk NagVis	=2.2.0-p22
Checkmk NagVis	=2.2.0-p23
Checkmk NagVis	=2.2.0-p24
Checkmk NagVis	=2.2.0-p25
Checkmk NagVis	=2.2.0-p26
Checkmk NagVis	=2.2.0-p27
Checkmk NagVis	=2.2.0-p28
Checkmk NagVis	=2.2.0-p29
Checkmk NagVis	=2.2.0-p3
Checkmk NagVis	=2.2.0-p30
Checkmk NagVis	=2.2.0-p31
Checkmk NagVis	=2.2.0-p32
Checkmk NagVis	=2.2.0-p33
Checkmk NagVis	=2.2.0-p34
Checkmk NagVis	=2.2.0-p35
Checkmk NagVis	=2.2.0-p36
Checkmk NagVis	=2.2.0-p4
Checkmk NagVis	=2.2.0-p5
Checkmk NagVis	=2.2.0-p6
Checkmk NagVis	=2.2.0-p7
Checkmk NagVis	=2.2.0-p8
Checkmk NagVis	=2.2.0-p9
Checkmk NagVis	=2.3.0
Checkmk NagVis	=2.3.0-b1
Checkmk NagVis	=2.3.0-b2
Checkmk NagVis	=2.3.0-b3
Checkmk NagVis	=2.3.0-b4
Checkmk NagVis	=2.3.0-b5
Checkmk NagVis	=2.3.0-b6
Checkmk NagVis	=2.3.0-p1
Checkmk NagVis	=2.3.0-p10
Checkmk NagVis	=2.3.0-p11
Checkmk NagVis	=2.3.0-p12
Checkmk NagVis	=2.3.0-p13
Checkmk NagVis	=2.3.0-p14
Checkmk NagVis	=2.3.0-p15
Checkmk NagVis	=2.3.0-p16
Checkmk NagVis	=2.3.0-p17
Checkmk NagVis	=2.3.0-p18
Checkmk NagVis	=2.3.0-p19
Checkmk NagVis	=2.3.0-p2
Checkmk NagVis	=2.3.0-p20
Checkmk NagVis	=2.3.0-p21
Checkmk NagVis	=2.3.0-p3
Checkmk NagVis	=2.3.0-p4
Checkmk NagVis	=2.3.0-p5
Checkmk NagVis	=2.3.0-p6
Checkmk NagVis	=2.3.0-p7
Checkmk NagVis	=2.3.0-p8
Checkmk NagVis	=2.3.0-p9

Never miss a vulnerability like this again

Reference Links

https://checkmk.com/werk/17342

Frequently Asked Questions

What is the severity of CVE-2024-47094?
CVE-2024-47094 has been classified with a high severity due to the potential exposure of sensitive data.
How do I fix CVE-2024-47094?
To fix CVE-2024-47094, upgrade to Checkmk version 2.3.0p22 or later.
What versions of Checkmk are affected by CVE-2024-47094?
CVE-2024-47094 affects Checkmk versions earlier than 2.3.0p22, 2.2.0p37, and 2.1.0p50.
What type of vulnerability is CVE-2024-47094?
CVE-2024-47094 is an information disclosure vulnerability that causes sensitive site secrets to be logged.
Who is affected by CVE-2024-47094?
Local site users may be at risk due to their access to web log files containing sensitive information.

agent/title
agent/weakness
agent/references
agent/type
agent/description
agent/first-publish-date
agent/author
agent/event
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/softwarecombine
agent/source
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/checkmk
canonical/checkmk nagvis
version/checkmk nagvis/2.1.0
version/checkmk nagvis/2.2.0
version/checkmk nagvis/2.2.0-b1
version/checkmk nagvis/2.2.0-b2
version/checkmk nagvis/2.2.0-b3
version/checkmk nagvis/2.2.0-b4
version/checkmk nagvis/2.2.0-b5
version/checkmk nagvis/2.2.0-b6
version/checkmk nagvis/2.2.0-b7
version/checkmk nagvis/2.2.0-b8
version/checkmk nagvis/2.2.0-i1
version/checkmk nagvis/2.2.0-p1
version/checkmk nagvis/2.2.0-p10
version/checkmk nagvis/2.2.0-p11
version/checkmk nagvis/2.2.0-p12
version/checkmk nagvis/2.2.0-p13
version/checkmk nagvis/2.2.0-p14
version/checkmk nagvis/2.2.0-p15
version/checkmk nagvis/2.2.0-p16
version/checkmk nagvis/2.2.0-p17
version/checkmk nagvis/2.2.0-p18
version/checkmk nagvis/2.2.0-p19
version/checkmk nagvis/2.2.0-p2
version/checkmk nagvis/2.2.0-p20
version/checkmk nagvis/2.2.0-p21
version/checkmk nagvis/2.2.0-p22
version/checkmk nagvis/2.2.0-p23
version/checkmk nagvis/2.2.0-p24
version/checkmk nagvis/2.2.0-p25
version/checkmk nagvis/2.2.0-p26
version/checkmk nagvis/2.2.0-p27
version/checkmk nagvis/2.2.0-p28
version/checkmk nagvis/2.2.0-p29
version/checkmk nagvis/2.2.0-p3
version/checkmk nagvis/2.2.0-p30
version/checkmk nagvis/2.2.0-p31
version/checkmk nagvis/2.2.0-p32
version/checkmk nagvis/2.2.0-p33
version/checkmk nagvis/2.2.0-p34
version/checkmk nagvis/2.2.0-p35
version/checkmk nagvis/2.2.0-p36
version/checkmk nagvis/2.2.0-p4
version/checkmk nagvis/2.2.0-p5
version/checkmk nagvis/2.2.0-p6
version/checkmk nagvis/2.2.0-p7
version/checkmk nagvis/2.2.0-p8
version/checkmk nagvis/2.2.0-p9
version/checkmk nagvis/2.3.0
version/checkmk nagvis/2.3.0-b1
version/checkmk nagvis/2.3.0-b2
version/checkmk nagvis/2.3.0-b3
version/checkmk nagvis/2.3.0-b4
version/checkmk nagvis/2.3.0-b5
version/checkmk nagvis/2.3.0-b6
version/checkmk nagvis/2.3.0-p1
version/checkmk nagvis/2.3.0-p10
version/checkmk nagvis/2.3.0-p11
version/checkmk nagvis/2.3.0-p12
version/checkmk nagvis/2.3.0-p13
version/checkmk nagvis/2.3.0-p14
version/checkmk nagvis/2.3.0-p15
version/checkmk nagvis/2.3.0-p16
version/checkmk nagvis/2.3.0-p17
version/checkmk nagvis/2.3.0-p18
version/checkmk nagvis/2.3.0-p19
version/checkmk nagvis/2.3.0-p2
version/checkmk nagvis/2.3.0-p20
version/checkmk nagvis/2.3.0-p21
version/checkmk nagvis/2.3.0-p3
version/checkmk nagvis/2.3.0-p4
version/checkmk nagvis/2.3.0-p5
version/checkmk nagvis/2.3.0-p6
version/checkmk nagvis/2.3.0-p7
version/checkmk nagvis/2.3.0-p8
version/checkmk nagvis/2.3.0-p9