CVE-2024-38863
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-38863
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-38863.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-38863
- Downstream
- Published
- 2024-10-14T08:15:02.823Z
- Modified
- 2025-11-20T13:40:55.315080Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Exposure of CSRF tokens in query parameters on specific requests in Checkmk GmbH's Checkmk versions <2.3.0p18, <2.2.0p35 and <2.1.0p48 could lead to a leak of the token to facilitate targeted phishing attacks.
- References
Affected packages
Git / github.com/checkmk/checkmk
Affected ranges
- Type
- GIT
- Repo
- https://github.com/checkmk/checkmk
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affected
Affected versions
1.*
1.1.0beta17
v1.*
v1.1.0
v1.1.10
v1.1.10b1
v1.1.10b2
v1.1.11i1
v1.1.11i2
v1.1.11i3
v1.1.11i4
v1.1.12
v1.1.12b1
v1.1.12b2
v1.1.13i1
v1.1.13i2
v1.1.13i3
v1.1.2
v1.1.3
v1.1.3b1
v1.1.4
v1.1.5i0
v1.1.5i1
v1.1.5i2
v1.1.5i3
v1.1.6
v1.1.6b2
v1.1.6b3
v1.1.7i1
v1.1.7i2
v1.1.7i3
v1.1.7i4
v1.1.7i5
v1.1.8
v1.1.8b1
v1.1.8b2
v1.1.8b3
v1.1.9i1
v1.1.9i2
v1.1.9i3
v1.1.9i4
v1.1.9i5
v1.1.9i6
v1.1.9i7
v1.1.9i8
v1.1.9i9
v1.2.0b1
v1.2.0b2
v1.2.0b3
v1.2.0b4
v1.2.0b5
v1.2.0b6
v1.2.0p1
v1.2.0p2
v1.2.0p3
v1.2.1i1
v1.2.1i2
v1.2.1i3
v1.2.1i4
v1.2.1i5
v1.2.2b1
v1.2.3i1
v1.2.3i2
v1.2.3i3
v1.2.3i4
v1.2.3i5
v1.2.3i6
v1.2.3i7
v1.2.5i1
v1.2.5i2
v1.2.5i3
v1.2.5i4
v1.2.5i5
v1.2.5i6
v1.2.7i1
v1.2.7i2
v1.2.7i3
v1.4.0i1
v1.4.0i2
v1.4.0i3
v1.5.0i1
v1.5.0i2
v1.5.0i3
v1.6.0b1
v2.*
v2.0.0i1
v2.1.0
v2.1.0b1
v2.1.0b2
v2.1.0b3
v2.1.0b4
v2.1.0b5
v2.1.0b6
v2.1.0b7
v2.1.0b8
v2.1.0b9
v2.1.0p1
v2.1.0p2
v2.1.0p3
v2.1.0p4
v2.1.0p5
v2.2.0
v2.2.0-rc1
v2.2.0b1
v2.2.0b1-rc1
v2.2.0b1-rc2
v2.2.0b2
v2.2.0b2-rc1
v2.2.0b3
v2.2.0b3-rc1
v2.2.0b4
v2.2.0b4-rc1
v2.2.0b5
v2.2.0b5-rc1
v2.2.0b5-rc2
v2.2.0b6
v2.2.0b6-rc1
v2.2.0b7
v2.2.0b7-rc1
v2.2.0b8
v2.2.0b8-rc1
v2.2.0p1
v2.2.0p1-rc1
v2.2.0p2
v2.2.0p2-rc1
v2.2.0p3
v2.2.0p3-rc1
v2.2.0p4
v2.2.0p4-rc1
v2.2.0p4-rc2
v2.2.0p5
v2.2.0p5-rc1
v2.2.0p6
v2.2.0p6-rc1
v2.2.0p6-rc2
v2.2.0p6-rc3
v2.2.0p7
v2.2.0p7-rc1
v2.2.0p8
v2.2.0p8-rc1
v2.2.0p8-rc2
v2.2.0p9
v2.2.0p9-rc1
v2.3.0
v2.3.0-rc1
v2.3.0-rc2
v2.3.0-rc3
v2.3.0b1
v2.3.0b1-rc1
v2.3.0b1-rc2
v2.3.0b2
v2.3.0b2-rc1
v2.3.0b3
v2.3.0b3-rc1
v2.3.0b4-rc1
v2.3.0b4-rc2
v2.3.0b5
v2.3.0b5-rc1
v2.3.0b6-rc1
v2.3.0p1
v2.3.0p1-rc1
v2.3.0p2
v2.3.0p2-rc1
v2.3.0p3-rc1
v2.3.0p4
v2.3.0p4-rc1
v2.3.0p5
v2.3.0p5-rc1