CVE-2024-28832

4.8 MEDIUM

📋 TL;DR

This vulnerability allows authenticated users with Global Settings permissions to inject malicious HTML/JavaScript into the Crash Report URL field, creating stored cross-site scripting (XSS) attacks. When other users view the affected Crash Report page, their browsers execute the injected scripts. Only Checkmk installations with users who have Global Settings modification privileges are affected.

💻 Affected Systems

Products:
  • Checkmk
Versions: 2.3.x before 2.3.0p7, 2.2.x before 2.2.0p28, 2.1.x before 2.1.0p45, and all 2.0.0 versions (end of life, no fix available)
Operating Systems: All platforms running Checkmk
Default Config Vulnerable: ⚠️ Yes
Notes: Requires user with 'Global Settings' permission to exploit. The vulnerability exists in the Crash Report URL field configuration.

📦 What is this software?

Checkmk is an IT infrastructure monitoring platform. The affected component is its web interface, specifically the Crash Report URL field under Global Settings, whose value is rendered on the Crash Report page.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker with Global Settings permissions could steal administrator session cookies, perform actions as administrators, redirect users to malicious sites, or deploy additional malware within the Checkmk environment.

🟠 Likely Case

Privilege escalation where a lower-privileged user with Global Settings access steals administrator credentials or performs unauthorized actions within the monitoring system.

🟢 If Mitigated

Limited to users who already have Global Settings permissions, with minimal impact if proper access controls and input validation are in place.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access with Global Settings permissions. The attack involves injecting HTML/JavaScript into a configuration field that gets rendered without proper sanitization.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.3.0p7, 2.2.0p28, or 2.1.0p45

Vendor Advisory: https://checkmk.com/werk/17024

Restart Required: Yes

Instructions:

1. Back up your Checkmk configuration.
2. Update to the patched version for your release line.
3. Restart Checkmk services.
4. Verify the fix by checking the version and testing the Crash Report URL field.

🔧 Temporary Workarounds

Restrict Global Settings Permissions

Platforms: all

Limit Global Settings modification permissions to only essential administrators to reduce attack surface.

Input Validation via WAF

Platforms: all

Deploy web application firewall rules to block HTML/JavaScript injection attempts in configuration fields.

🧯 If You Can't Patch

  • Review and restrict Global Settings permissions to minimal necessary users
  • Implement Content Security Policy (CSP) headers to mitigate XSS impact

🔍 How to Verify

Check if Vulnerable:

Check your Checkmk version. If it's earlier than the patched versions listed above, you are vulnerable if you have users with Global Settings permissions.

Check Version:

omd version

Verify Fix Applied:

After patching, verify the version is at least 2.3.0p7, 2.2.0p28, or 2.1.0p45. Test by attempting to inject HTML into the Crash Report URL field - it should be sanitized or rejected.
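The version check above compares a running site against three release lines with different patch levels, and 2.0.0 has no fix at all, so a manual comparison is easy to get wrong. The following script is an added example for this page, not Checkmk or vendor code: it parses the version string from `omd version` output into a comparable tuple and reports whether it is patched, vulnerable, or end of life. The assumed output format is "OMD - Open Monitoring Distribution Version 2.2.0p27.cee"; the helper names are hypothetical, and the patched versions come from this advisory.

```python
import re
import subprocess

# Minimum patched version per release line, as listed in this advisory.
PATCHED = {
    (2, 3): (2, 3, 0, 7),
    (2, 2): (2, 2, 0, 28),
    (2, 1): (2, 1, 0, 45),
}
# Release lines the advisory marks as end of life with no fix.
EOL_LINES = {(2, 0)}

# Matches "2.2.0p27", "2.3.0p7.cee" or a bare "2.3.0" (no patch level).
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:p(\d+))?")


def parse_version(text):
    """Turn a Checkmk version string into (major, minor, micro, patch).
    Hypothetical helper; a missing 'pN' suffix counts as patch level 0."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Checkmk version: {text!r}")
    major, minor, micro, patch = m.groups()
    return (int(major), int(minor), int(micro), int(patch or 0))


def assess(version_text):
    """Return 'patched', 'vulnerable', 'eol' or 'unknown' for a version string."""
    v = parse_version(version_text)
    line = v[:2]
    if line in EOL_LINES:
        return "eol"  # 2.0.0: no fix, upgrade the release line
    fixed = PATCHED.get(line)
    if fixed is None:
        # Lines newer than any named in the advisory shipped after the fix;
        # anything older than 2.0 is outside the advisory's scope.
        return "patched" if line > max(PATCHED) else "unknown"
    return "patched" if v >= fixed else "vulnerable"


def assess_from_omd_output(output):
    """Pull the version out of `omd version` output (format assumed, see lead-in)."""
    m = re.search(r"Version\s+(\S+)", output)
    if not m:
        raise ValueError("no version found in omd output")
    return assess(m.group(1))


if __name__ == "__main__":
    # Run on the Checkmk host itself, as the site user or root.
    out = subprocess.run(["omd", "version"], capture_output=True, text=True, check=True).stdout
    print(out.strip(), "->", assess_from_omd_output(out))
```

The comparison is tuple-based so that 2.2.0p28 is correctly treated as newer than 2.2.0p9, which a plain string comparison would get wrong. Edition suffixes such as `.cee` or `.cre` are ignored because the fix applies to every edition.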

📡 Detection & Monitoring

Log Indicators:

  • Unusual modifications to Global Settings, particularly Crash Report URL field containing script tags or JavaScript

Network Indicators:

  • Unexpected outbound connections from Checkmk server to external domains following configuration changes

SIEM Query:

source="checkmk" AND event="config_change" AND field="crash_report_url" AND (value CONTAINS "<script" OR value CONTAINS "javascript:")
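The log indicators and SIEM query above describe the detection in words; a plain substring match on `<script>` misses percent-encoded or mixed-case payloads. The script below is an added example written for this page, not Checkmk code: it scans configuration-change audit records for the Crash Report URL field, decodes URL and HTML encoding before matching, and flags values carrying script tags, `javascript:` URLs, inline event handlers or other markup. The JSON-per-line audit format and its field names (`event`, `field`, `value`) are assumed, not Checkmk's real audit log, and the sample lines are constructed for the example.

```python
import html
import json
import re
from urllib.parse import unquote

# Constructed sample audit records (one JSON object per line, format assumed).
SAMPLE_LOG = """\
{"ts":"2024-06-01T10:00:00Z","user":"alice","event":"config_change","field":"crash_report_url","value":"https://crash.example.internal/report"}
{"ts":"2024-06-01T10:05:00Z","user":"bob","event":"config_change","field":"crash_report_url","value":"https://x.example/\\"><script>alert(1)</script>"}
{"ts":"2024-06-01T10:06:00Z","user":"bob","event":"config_change","field":"crash_report_url","value":"JavaScript:alert(document.cookie)"}
{"ts":"2024-06-01T10:07:00Z","user":"carol","event":"config_change","field":"crash_report_url","value":"%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E"}
{"ts":"2024-06-01T10:08:00Z","user":"dave","event":"config_change","field":"site_name","value":"<b>prod</b>"}
{"ts":"2024-06-01T10:09:00Z","user":"erin","event":"login","field":"","value":""}
"""

# Markup that has no business in a URL field; matched case-insensitively.
MARKUP_PATTERNS = [
    re.compile(r"<\s*script", re.I),
    re.compile(r"javascript\s*:", re.I),
    re.compile(r"\bon(?:error|load|click|mouseover|mouseenter|focus|blur|input)\s*=", re.I),
    re.compile(r"<\s*(?:iframe|img|svg|object|embed)\b", re.I),
]


def normalise(value):
    """Undo URL percent-encoding and HTML entities (twice, to catch double
    encoding) so an encoded payload cannot slip past the patterns."""
    for _ in range(2):
        value = html.unescape(unquote(value))
    return value


def is_suspicious_url(value):
    """True when the decoded value contains script or markup constructs."""
    decoded = normalise(value)
    return any(p.search(decoded) for p in MARKUP_PATTERNS)


def scan_audit_log(text, watched_fields=("crash_report_url",)):
    """Return the config-change records whose watched field holds a suspicious value."""
    hits = []
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines rather than abort the scan
        if rec.get("event") != "config_change" or rec.get("field") not in watched_fields:
            continue
        if is_suspicious_url(rec.get("value", "")):
            hits.append({"ts": rec["ts"], "user": rec["user"], "value": rec["value"]})
    return hits


if __name__ == "__main__":
    for hit in scan_audit_log(SAMPLE_LOG):
        print(f"{hit['ts']} user={hit['user']} suspicious crash_report_url={hit['value']!r}")
```

Two design choices matter here: decoding before matching, so the percent-encoded record from `carol` is caught, and restricting the event-handler pattern to known handler names, so a legitimate query parameter such as `?reason=timeout` is not flagged. Any hit should be cross-checked against who holds Global Settings permissions and whether the change was expected.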
