CVE-2024-47094 MEDIUM

CVE-2024-47094: Logging of sitesecret to automations log

Vendor Checkmk Gmbh
Product Checkmk
Weakness CWE-532 · Sensitive info in logs
Published November 29, 2024
Last update September 11, 2025

CVSS base score

5.7/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p22, <2.2.0p37, <2.1.0p50 (EOL) causes remote site secrets to be written to web log files accessible to local site users.

Key dates

02Disclosure timeline

November 29, 2024 CVE published
September 11, 2025 Record updated