What is the severity of CVE-2024-5741?

CVE-2024-5741 is categorized as a moderate severity vulnerability due to the potential for stored cross-site scripting (XSS) attacks.

How do I fix CVE-2024-5741?

To fix CVE-2024-5741, upgrade to Checkmk versions 2.3.0p7, 2.2.0p28, or 2.1.0p45 or later.

What versions of Checkmk are affected by CVE-2024-5741?

Checkmk versions before 2.3.0p7, 2.2.0p28, and 2.1.0p45, including 2.0.0, are affected by CVE-2024-5741.

What type of vulnerability is CVE-2024-5741?

CVE-2024-5741 is a stored XSS vulnerability affecting the inventory tree rendering in Checkmk.

Can CVE-2024-5741 be exploited remotely?

Yes, CVE-2024-5741 can be exploited remotely if an attacker can send malicious payloads during inventory tree interactions.

Vulnerability/
CVE-2024-5741

medium

6.5

CWE

80 79

EPSS

0.043%

17/6/2024

16/8/2024

CVE-2024-5741: XSS in inventory view

First published: Mon Jun 17 2024(Updated: )

Stored XSS in inventory tree rendering in Checkmk before 2.3.0p7, 2.2.0p28, 2.1.0p45 and 2.0.0 (EOL)

Credit: security@checkmk.com

Affected Software	Affected Version	How to fix
Checkmk NagVis	<=2.0.0
Checkmk NagVis	=2.1.0
Checkmk NagVis	=2.1.0-b1
Checkmk NagVis	=2.1.0-b2
Checkmk NagVis	=2.1.0-b3
Checkmk NagVis	=2.1.0-b4
Checkmk NagVis	=2.1.0-b5
Checkmk NagVis	=2.1.0-b6
Checkmk NagVis	=2.1.0-b7
Checkmk NagVis	=2.1.0-b8
Checkmk NagVis	=2.1.0-b9
Checkmk NagVis	=2.1.0-p1
Checkmk NagVis	=2.1.0-p10
Checkmk NagVis	=2.1.0-p11
Checkmk NagVis	=2.1.0-p12
Checkmk NagVis	=2.1.0-p13
Checkmk NagVis	=2.1.0-p14
Checkmk NagVis	=2.1.0-p15
Checkmk NagVis	=2.1.0-p16
Checkmk NagVis	=2.1.0-p17
Checkmk NagVis	=2.1.0-p18
Checkmk NagVis	=2.1.0-p19
Checkmk NagVis	=2.1.0-p2
Checkmk NagVis	=2.1.0-p20
Checkmk NagVis	=2.1.0-p21
Checkmk NagVis	=2.1.0-p22
Checkmk NagVis	=2.1.0-p23
Checkmk NagVis	=2.1.0-p24
Checkmk NagVis	=2.1.0-p25
Checkmk NagVis	=2.1.0-p26
Checkmk NagVis	=2.1.0-p27
Checkmk NagVis	=2.1.0-p28
Checkmk NagVis	=2.1.0-p29
Checkmk NagVis	=2.1.0-p3
Checkmk NagVis	=2.1.0-p30
Checkmk NagVis	=2.1.0-p31
Checkmk NagVis	=2.1.0-p32
Checkmk NagVis	=2.1.0-p33
Checkmk NagVis	=2.1.0-p34
Checkmk NagVis	=2.1.0-p35
Checkmk NagVis	=2.1.0-p36
Checkmk NagVis	=2.1.0-p37
Checkmk NagVis	=2.1.0-p38
Checkmk NagVis	=2.1.0-p39
Checkmk NagVis	=2.1.0-p4
Checkmk NagVis	=2.1.0-p40
Checkmk NagVis	=2.1.0-p41
Checkmk NagVis	=2.1.0-p42
Checkmk NagVis	=2.1.0-p43
Checkmk NagVis	=2.1.0-p44
Checkmk NagVis	=2.1.0-p5
Checkmk NagVis	=2.1.0-p6
Checkmk NagVis	=2.1.0-p7
Checkmk NagVis	=2.1.0-p8
Checkmk NagVis	=2.1.0-p9
Checkmk NagVis	=2.2.0
Checkmk NagVis	=2.2.0-b1
Checkmk NagVis	=2.2.0-b2
Checkmk NagVis	=2.2.0-b3
Checkmk NagVis	=2.2.0-b4
Checkmk NagVis	=2.2.0-b5
Checkmk NagVis	=2.2.0-b6
Checkmk NagVis	=2.2.0-b7
Checkmk NagVis	=2.2.0-b8
Checkmk NagVis	=2.2.0-i1
Checkmk NagVis	=2.2.0-p1
Checkmk NagVis	=2.2.0-p10
Checkmk NagVis	=2.2.0-p11
Checkmk NagVis	=2.2.0-p12
Checkmk NagVis	=2.2.0-p13
Checkmk NagVis	=2.2.0-p14
Checkmk NagVis	=2.2.0-p15
Checkmk NagVis	=2.2.0-p16
Checkmk NagVis	=2.2.0-p17
Checkmk NagVis	=2.2.0-p18
Checkmk NagVis	=2.2.0-p19
Checkmk NagVis	=2.2.0-p2
Checkmk NagVis	=2.2.0-p20
Checkmk NagVis	=2.2.0-p21
Checkmk NagVis	=2.2.0-p22
Checkmk NagVis	=2.2.0-p23
Checkmk NagVis	=2.2.0-p24
Checkmk NagVis	=2.2.0-p25
Checkmk NagVis	=2.2.0-p26
Checkmk NagVis	=2.2.0-p27
Checkmk NagVis	=2.2.0-p3
Checkmk NagVis	=2.2.0-p4
Checkmk NagVis	=2.2.0-p5
Checkmk NagVis	=2.2.0-p6
Checkmk NagVis	=2.2.0-p7
Checkmk NagVis	=2.2.0-p8
Checkmk NagVis	=2.2.0-p9
Checkmk NagVis	=2.3.0
Checkmk NagVis	=2.3.0-p1
Checkmk NagVis	=2.3.0-p2
Checkmk NagVis	=2.3.0-p3
Checkmk NagVis	=2.3.0-p4
Checkmk NagVis	=2.3.0-p5
Checkmk NagVis	=2.3.0-p6

Never miss a vulnerability like this again

Reference Links

https://checkmk.com/werk/17009

Frequently Asked Questions

What is the severity of CVE-2024-5741?
CVE-2024-5741 is categorized as a moderate severity vulnerability due to the potential for stored cross-site scripting (XSS) attacks.
How do I fix CVE-2024-5741?
To fix CVE-2024-5741, upgrade to Checkmk versions 2.3.0p7, 2.2.0p28, or 2.1.0p45 or later.
What versions of Checkmk are affected by CVE-2024-5741?
Checkmk versions before 2.3.0p7, 2.2.0p28, and 2.1.0p45, including 2.0.0, are affected by CVE-2024-5741.
What type of vulnerability is CVE-2024-5741?
CVE-2024-5741 is a stored XSS vulnerability affecting the inventory tree rendering in Checkmk.
Can CVE-2024-5741 be exploited remotely?
Yes, CVE-2024-5741 can be exploited remotely if an attacker can send malicious payloads during inventory tree interactions.

agent/references
agent/weakness
agent/title
agent/description
agent/type
agent/first-publish-date
agent/author
agent/event
collector/mitre-cve
source/MITRE
collector/epss-latest
source/FIRST
agent/epss
agent/severity
agent/last-modified-date
agent/softwarecombine
agent/source
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/checkmk
canonical/checkmk nagvis
version/checkmk nagvis/2.0.0
version/checkmk nagvis/2.1.0
version/checkmk nagvis/2.1.0-b1
version/checkmk nagvis/2.1.0-b2
version/checkmk nagvis/2.1.0-b3
version/checkmk nagvis/2.1.0-b4
version/checkmk nagvis/2.1.0-b5
version/checkmk nagvis/2.1.0-b6
version/checkmk nagvis/2.1.0-b7
version/checkmk nagvis/2.1.0-b8
version/checkmk nagvis/2.1.0-b9
version/checkmk nagvis/2.1.0-p1
version/checkmk nagvis/2.1.0-p10
version/checkmk nagvis/2.1.0-p11
version/checkmk nagvis/2.1.0-p12
version/checkmk nagvis/2.1.0-p13
version/checkmk nagvis/2.1.0-p14
version/checkmk nagvis/2.1.0-p15
version/checkmk nagvis/2.1.0-p16
version/checkmk nagvis/2.1.0-p17
version/checkmk nagvis/2.1.0-p18
version/checkmk nagvis/2.1.0-p19
version/checkmk nagvis/2.1.0-p2
version/checkmk nagvis/2.1.0-p20
version/checkmk nagvis/2.1.0-p21
version/checkmk nagvis/2.1.0-p22
version/checkmk nagvis/2.1.0-p23
version/checkmk nagvis/2.1.0-p24
version/checkmk nagvis/2.1.0-p25
version/checkmk nagvis/2.1.0-p26
version/checkmk nagvis/2.1.0-p27
version/checkmk nagvis/2.1.0-p28
version/checkmk nagvis/2.1.0-p29
version/checkmk nagvis/2.1.0-p3
version/checkmk nagvis/2.1.0-p30
version/checkmk nagvis/2.1.0-p31
version/checkmk nagvis/2.1.0-p32
version/checkmk nagvis/2.1.0-p33
version/checkmk nagvis/2.1.0-p34
version/checkmk nagvis/2.1.0-p35
version/checkmk nagvis/2.1.0-p36
version/checkmk nagvis/2.1.0-p37
version/checkmk nagvis/2.1.0-p38
version/checkmk nagvis/2.1.0-p39
version/checkmk nagvis/2.1.0-p4
version/checkmk nagvis/2.1.0-p40
version/checkmk nagvis/2.1.0-p41
version/checkmk nagvis/2.1.0-p42
version/checkmk nagvis/2.1.0-p43
version/checkmk nagvis/2.1.0-p44
version/checkmk nagvis/2.1.0-p5
version/checkmk nagvis/2.1.0-p6
version/checkmk nagvis/2.1.0-p7
version/checkmk nagvis/2.1.0-p8
version/checkmk nagvis/2.1.0-p9
version/checkmk nagvis/2.2.0
version/checkmk nagvis/2.2.0-b1
version/checkmk nagvis/2.2.0-b2
version/checkmk nagvis/2.2.0-b3
version/checkmk nagvis/2.2.0-b4
version/checkmk nagvis/2.2.0-b5
version/checkmk nagvis/2.2.0-b6
version/checkmk nagvis/2.2.0-b7
version/checkmk nagvis/2.2.0-b8
version/checkmk nagvis/2.2.0-i1
version/checkmk nagvis/2.2.0-p1
version/checkmk nagvis/2.2.0-p10
version/checkmk nagvis/2.2.0-p11
version/checkmk nagvis/2.2.0-p12
version/checkmk nagvis/2.2.0-p13
version/checkmk nagvis/2.2.0-p14
version/checkmk nagvis/2.2.0-p15
version/checkmk nagvis/2.2.0-p16
version/checkmk nagvis/2.2.0-p17
version/checkmk nagvis/2.2.0-p18
version/checkmk nagvis/2.2.0-p19
version/checkmk nagvis/2.2.0-p2
version/checkmk nagvis/2.2.0-p20
version/checkmk nagvis/2.2.0-p21
version/checkmk nagvis/2.2.0-p22
version/checkmk nagvis/2.2.0-p23
version/checkmk nagvis/2.2.0-p24
version/checkmk nagvis/2.2.0-p25
version/checkmk nagvis/2.2.0-p26
version/checkmk nagvis/2.2.0-p27
version/checkmk nagvis/2.2.0-p3
version/checkmk nagvis/2.2.0-p4
version/checkmk nagvis/2.2.0-p5
version/checkmk nagvis/2.2.0-p6
version/checkmk nagvis/2.2.0-p7
version/checkmk nagvis/2.2.0-p8
version/checkmk nagvis/2.2.0-p9
version/checkmk nagvis/2.3.0
version/checkmk nagvis/2.3.0-p1
version/checkmk nagvis/2.3.0-p2
version/checkmk nagvis/2.3.0-p3
version/checkmk nagvis/2.3.0-p4
version/checkmk nagvis/2.3.0-p5
version/checkmk nagvis/2.3.0-p6