nvd-json-data-feeds/CVE-2024/CVE-2024-388xx/CVE-2024-38859.json

{
  "id": "CVE-2024-38859",
  "sourceIdentifier": "security@checkmk.com",
  "published": "2024-08-26T15:15:08.183",
  "lastModified": "2024-08-26T15:15:23.727",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "XSS in the view page with the SLA column configured in Checkmk versions prior to 2.3.0p14, 2.2.0p33, 2.1.0p47 and 2.0.0 (EOL) allowed malicious users to execute arbitrary scripts by injecting HTML elements into the SLA column title. These scripts could be executed when the view page was cloned by other users."
    },
    {
      "lang": "es",
      "value": "XSS en la p\u00e1gina de visualizaci\u00f3n con la columna SLA configurada en versiones de Checkmk anteriores a 2.3.0p14, 2.2.0p33, 2.1.0p47 y 2.0.0 (EOL) permit\u00eda a usuarios malintencionados ejecutar scripts arbitrarios inyectando elementos HTML en el t\u00edtulo de la columna SLA. Estos scripts podr\u00edan ejecutarse cuando otros usuarios clonaran la p\u00e1gina de visualizaci\u00f3n."
    }
  ],
  "metrics": {
    "cvssMetricV40": [
      {
        "source": "security@checkmk.com",
        "type": "Secondary",
        "cvssData": {
          "version": "4.0",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "privilegesRequired": "LOW",
          "userInteraction": "ACTIVE",
          "vulnerableSystemConfidentiality": "NONE",
          "vulnerableSystemIntegrity": "NONE",
          "vulnerableSystemAvailability": "NONE",
          "subsequentSystemConfidentiality": "LOW",
          "subsequentSystemIntegrity": "LOW",
          "subsequentSystemAvailability": "NONE",
          "exploitMaturity": "NOT_DEFINED",
          "confidentialityRequirements": "NOT_DEFINED",
          "integrityRequirements": "NOT_DEFINED",
          "availabilityRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
          "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
          "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
          "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
          "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
          "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
          "safety": "NOT_DEFINED",
          "automatable": "NOT_DEFINED",
          "recovery": "NOT_DEFINED",
          "valueDensity": "NOT_DEFINED",
          "vulnerabilityResponseEffort": "NOT_DEFINED",
          "providerUrgency": "NOT_DEFINED",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM"
        }
      }
    ]
  },
  "weaknesses": [
    {
      "source": "security@checkmk.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-80"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://checkmk.com/werk/17026",
      "source": "security@checkmk.com"
    }
  ]
}
Auto-Update: 2024-08-26T16:00:17.809712+00:00 2024-08-26 16:03:13 +00:00			`{`
			`"id": "CVE-2024-38859",`
			`"sourceIdentifier": "security@checkmk.com",`
			`"published": "2024-08-26T15:15:08.183",`
			`"lastModified": "2024-08-26T15:15:23.727",`
			`"vulnStatus": "Awaiting Analysis",`
			`"cveTags": [],`
			`"descriptions": [`
			`{`
			`"lang": "en",`
			`"value": "XSS in the view page with the SLA column configured in Checkmk versions prior to 2.3.0p14, 2.2.0p33, 2.1.0p47 and 2.0.0 (EOL) allowed malicious users to execute arbitrary scripts by injecting HTML elements into the SLA column title. These scripts could be executed when the view page was cloned by other users."`
Auto-Update: 2024-09-08T02:00:16.451765+00:00 2024-09-08 02:03:15 +00:00			`},`
			`{`
			`"lang": "es",`
			`"value": "XSS en la p\u00e1gina de visualizaci\u00f3n con la columna SLA configurada en versiones de Checkmk anteriores a 2.3.0p14, 2.2.0p33, 2.1.0p47 y 2.0.0 (EOL) permit\u00eda a usuarios malintencionados ejecutar scripts arbitrarios inyectando elementos HTML en el t\u00edtulo de la columna SLA. Estos scripts podr\u00edan ejecutarse cuando otros usuarios clonaran la p\u00e1gina de visualizaci\u00f3n."`
Auto-Update: 2024-08-26T16:00:17.809712+00:00 2024-08-26 16:03:13 +00:00			`}`
			`],`
			`"metrics": {`
			`"cvssMetricV40": [`
			`{`
			`"source": "security@checkmk.com",`
			`"type": "Secondary",`
			`"cvssData": {`
			`"version": "4.0",`
			`"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",`
			`"attackVector": "NETWORK",`
			`"attackComplexity": "LOW",`
			`"attackRequirements": "NONE",`
			`"privilegesRequired": "LOW",`
			`"userInteraction": "ACTIVE",`
			`"vulnerableSystemConfidentiality": "NONE",`
			`"vulnerableSystemIntegrity": "NONE",`
			`"vulnerableSystemAvailability": "NONE",`
			`"subsequentSystemConfidentiality": "LOW",`
			`"subsequentSystemIntegrity": "LOW",`
			`"subsequentSystemAvailability": "NONE",`
			`"exploitMaturity": "NOT_DEFINED",`
			`"confidentialityRequirements": "NOT_DEFINED",`
			`"integrityRequirements": "NOT_DEFINED",`
			`"availabilityRequirements": "NOT_DEFINED",`
			`"modifiedAttackVector": "NOT_DEFINED",`
			`"modifiedAttackComplexity": "NOT_DEFINED",`
			`"modifiedAttackRequirements": "NOT_DEFINED",`
			`"modifiedPrivilegesRequired": "NOT_DEFINED",`
			`"modifiedUserInteraction": "NOT_DEFINED",`
			`"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",`
			`"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",`
			`"modifiedVulnerableSystemAvailability": "NOT_DEFINED",`
			`"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",`
			`"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",`
			`"modifiedSubsequentSystemAvailability": "NOT_DEFINED",`
			`"safety": "NOT_DEFINED",`
			`"automatable": "NOT_DEFINED",`
			`"recovery": "NOT_DEFINED",`
			`"valueDensity": "NOT_DEFINED",`
			`"vulnerabilityResponseEffort": "NOT_DEFINED",`
			`"providerUrgency": "NOT_DEFINED",`
			`"baseScore": 4.8,`
			`"baseSeverity": "MEDIUM"`
			`}`
			`}`
			`]`
			`},`
			`"weaknesses": [`
			`{`
			`"source": "security@checkmk.com",`
			`"type": "Secondary",`
			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "CWE-80"`
			`}`
			`]`
			`}`
			`],`
			`"references": [`
			`{`
			`"url": "https://checkmk.com/werk/17026",`
			`"source": "security@checkmk.com"`
			`}`
			`]`
			`}`