{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-28832", "assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "state": "PUBLISHED", "assignerShortName": "Checkmk", "dateReserved": "2024-03-11T13:21:43.122Z", "datePublished": "2024-06-25T11:45:33.371Z", "dateUpdated": "2024-08-02T00:56:58.120Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Checkmk", "vendor": "Checkmk GmbH", "versions": [{"lessThan": "2.3.0p7", "status": "affected", "version": "2.3.0", "versionType": "semver"}, {"lessThan": "2.2.0p28", "status": "affected", "version": "2.2.0", "versionType": "semver"}, {"lessThan": "2.1.0p45", "status": "affected", "version": "2.1.0", "versionType": "semver"}, {"lessThanOrEqual": "2.0.0p39", "status": "affected", "version": "2.0.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "PS Positive Security GmbH"}], "descriptions": [{"lang": "en", "value": "Stored XSS in the Crash Report page in Checkmk before versions 2.3.0p7, 2.2.0p28, 2.1.0p45, and 2.0.0 (EOL) allows users with permission to change Global Settings to execute arbitrary scripts by injecting HTML elements into the Crash Report URL in the Global Settings."}], "impacts": [{"capecId": "CAPEC-592", "descriptions": [{"lang": "en", "value": "CAPEC-592: Stored XSS"}]}], "metrics": [{"cvssV3_1": {"baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-80", "description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "shortName": "Checkmk", "dateUpdated": "2024-06-25T11:45:33.371Z"}, "references": [{"url": "https://checkmk.com/werk/17024"}], "title": "XSS in Crash Report Page"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-26T13:53:42.480903Z", "id": "CVE-2024-28832", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-26T17:07:00.337Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:56:58.120Z"}, "title": "CVE Program Container", "references": [{"url": "https://checkmk.com/werk/17024", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-28832", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-26T13:53:42.480903Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-26T17:06:57.796Z"}}], "cna": {"title": "XSS in Crash Report Page", "credits": [{"lang": "en", "type": "reporter", "value": "PS Positive Security GmbH"}], "impacts": [{"capecId": "CAPEC-592", "descriptions": [{"lang": "en", "value": "CAPEC-592: Stored XSS"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "Checkmk GmbH", "product": "Checkmk", "versions": [{"status": "affected", "version": "2.3.0", "lessThan": "2.3.0p7", "versionType": "semver"}, {"status": "affected", "version": "2.2.0", "lessThan": "2.2.0p28", "versionType": "semver"}, {"status": "affected", "version": "2.1.0", "lessThan": "2.1.0p45", "versionType": "semver"}, {"status": "affected", "version": "2.0.0", "versionType": "semver", "lessThanOrEqual": "2.0.0p39"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://checkmk.com/werk/17024"}], "descriptions": [{"lang": "en", "value": "Stored XSS in the Crash Report page in Checkmk before versions 2.3.0p7, 2.2.0p28, 2.1.0p45, and 2.0.0 (EOL) allows users with permission to change Global Settings to execute arbitrary scripts by injecting HTML elements into the Crash Report URL in the Global Settings."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-80", "description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"}]}], "providerMetadata": {"orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "shortName": "Checkmk", "dateUpdated": "2024-06-25T11:45:33.371Z"}}}, "cveMetadata": {"cveId": "CVE-2024-28832", "state": "PUBLISHED", "dateUpdated": "2024-06-26T17:07:00.337Z", "dateReserved": "2024-03-11T13:21:43.122Z", "assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "datePublished": "2024-06-25T11:45:33.371Z", "assignerShortName": "Checkmk"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Stored XSS in the Crash Report page in Checkmk before versions 2.3.0p7, 2.2.0p28, 2.1.0p45, and 2.0.0 (EOL) allows users with permission to change Global Settings to execute arbitrary scripts by injecting HTML elements into the Crash Report URL in the Global Settings."}, {"lang": "es", "value": "XSS almacenado en la p\u00e1gina Informe de fallos en Checkmk antes de las versiones 2.3.0p7, 2.2.0p28, 2.1.0p45 y 2.0.0 (EOL) permite a los usuarios con permiso para cambiar la configuraci\u00f3n global para ejecutar scripts arbitrarios inyectando elementos HTML en la URL del informe de fallos en la configuraci\u00f3n global."}], "id": "CVE-2024-28832", "lastModified": "2024-06-25T12:24:17.873", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "security@checkmk.com", "type": "Secondary"}]}, "published": "2024-06-25T12:15:09.713", "references": [{"source": "security@checkmk.com", "url": "https://checkmk.com/werk/17024"}], "sourceIdentifier": "security@checkmk.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-80"}], "source": "security@checkmk.com", "type": "Secondary"}]}

{}