Checkmk <=2.0.0p19 contains a Cross Site Scripting (XSS) vulnerability. While creating or editing a user attribute, the Help Text is subject to HTML injection, which can be triggered for editing a user.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/24xxx/CVE-2022-24564.json",
"cna_assigner": "mitre"
}{
"cpe": [
"cpe:2.3:a:checkmk:checkmk:2.0.0:-:*:*:*:*:*:*",
"cpe:2.3:a:checkmk:checkmk:2.0.0:b1:*:*:*:*:*:*",
"cpe:2.3:a:checkmk:checkmk:2.0.0:i1:*:*:*:*:*:*",
"cpe:2.3:a:checkmk:checkmk:2.0.0:p1:*:*:*:*:*:*",
"cpe:2.3:a:checkmk:checkmk:2.0.0:b2:*:*:*:*:*:*",
"cpe:2.3:a:checkmk:checkmk:2.0.0:b3:*:*:*:*:*:*",
"cpe:2.3:a:checkmk:checkmk:2.0.0:b4:*:*:*:*:*:*",
"cpe:2.3:a:checkmk:checkmk:2.0.0:b5:*:*:*:*:*:*",
"cpe:2.3:a:checkmk:checkmk:2.0.0:b6:*:*:*:*:*:*",
"cpe:2.3:a:checkmk:checkmk:2.0.0:b7:*:*:*:*:*:*",
"cpe:2.3:a:checkmk:checkmk:2.0.0:b8:*:*:*:*:*:*",
"cpe:2.3:a:checkmk:checkmk:2.0.0:p10:*:*:*:*:*:*",
"cpe:2.3:a:checkmk:checkmk:2.0.0:p11:*:*:*:*:*:*",
"cpe:2.3:a:checkmk:checkmk:2.0.0:p12:*:*:*:*:*:*",
"cpe:2.3:a:checkmk:checkmk:2.0.0:p13:*:*:*:*:*:*",
"cpe:2.3:a:checkmk:checkmk:2.0.0:p14:*:*:*:*:*:*",
"cpe:2.3:a:checkmk:checkmk:2.0.0:p15:*:*:*:*:*:*",
"cpe:2.3:a:checkmk:checkmk:2.0.0:p16:*:*:*:*:*:*",
"cpe:2.3:a:checkmk:checkmk:2.0.0:p17:*:*:*:*:*:*",
"cpe:2.3:a:checkmk:checkmk:2.0.0:p18:*:*:*:*:*:*",
"cpe:2.3:a:checkmk:checkmk:2.0.0:p19:*:*:*:*:*:*"
],
"source": "CPE_STRING",
"extracted_events": [
{
"introduced": "2.0.0-NA"
},
{
"last_affected": "2.0.0-NA"
},
{
"introduced": "2.0.0-b1"
},
{
"last_affected": "2.0.0-b1"
},
{
"introduced": "2.0.0-i1"
},
{
"last_affected": "2.0.0-i1"
},
{
"introduced": "2.0.0-p1"
},
{
"last_affected": "2.0.0-p1"
},
{
"introduced": "2.0.0-b2"
},
{
"last_affected": "2.0.0-b2"
},
{
"introduced": "2.0.0-b3"
},
{
"last_affected": "2.0.0-b3"
},
{
"introduced": "2.0.0-b4"
},
{
"last_affected": "2.0.0-b4"
},
{
"introduced": "2.0.0-b5"
},
{
"last_affected": "2.0.0-b5"
},
{
"introduced": "2.0.0-b6"
},
{
"last_affected": "2.0.0-b6"
},
{
"introduced": "2.0.0-b7"
},
{
"last_affected": "2.0.0-b7"
},
{
"introduced": "2.0.0-b8"
},
{
"last_affected": "2.0.0-b8"
},
{
"introduced": "2.0.0-p10"
},
{
"last_affected": "2.0.0-p10"
},
{
"introduced": "2.0.0-p11"
},
{
"last_affected": "2.0.0-p11"
},
{
"introduced": "2.0.0-p12"
},
{
"last_affected": "2.0.0-p12"
},
{
"introduced": "2.0.0-p13"
},
{
"last_affected": "2.0.0-p13"
},
{
"introduced": "2.0.0-p14"
},
{
"last_affected": "2.0.0-p14"
},
{
"introduced": "2.0.0-p15"
},
{
"last_affected": "2.0.0-p15"
},
{
"introduced": "2.0.0-p16"
},
{
"last_affected": "2.0.0-p16"
},
{
"introduced": "2.0.0-p17"
},
{
"last_affected": "2.0.0-p17"
},
{
"introduced": "2.0.0-p18"
},
{
"last_affected": "2.0.0-p18"
},
{
"introduced": "2.0.0-p19"
},
{
"last_affected": "2.0.0-p19"
}
]
}