CVE-2024-38862 MEDIUM

CVE-2024-38862: SNMP and IMPI secrets written to audit log

Vendor Checkmk Gmbh
Product Checkmk
Weakness CWE-532 · Sensitive info in logs
Published October 14, 2024
Last update October 14, 2024

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N

What the vulnerability does

01Description

Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p18, <2.2.0p35, <2.1.0p48 and <=2.0.0p39 (EOL) causes SNMP and IMPI secrets of host and folder properties to be written to audit log files accessible to administrators.

Key dates

02Disclosure timeline

October 14, 2024 CVE published
October 14, 2024 Record updated