Description
Transmission of credentials within query parameters in Checkmk <= 2.1.0p26, <= 2.0.0p35, and <= 2.2.0b6 (beta) may cause the automation user's secret to be written to the site Apache access log.
Analysis
Analysis and contextual insights are available on OpenCVE Cloud.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Tribe29 | Checkmk | unaffected |
|
Configuration 1 [-]
|
No data.
No data available yet.
Remediation
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2023-35522 | Transmission of credentials within query parameters in Checkmk <= 2.1.0p26, <= 2.0.0p35, and <= 2.2.0b6 (beta) may cause the automation user's secret to be written to the site Apache access log. |
References
| Link | Providers |
|---|---|
| https://checkmk.com/werk/15189 |
|
History
Thu, 30 Jan 2025 15:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: Tribe29
Published:
Updated: 2025-01-30T14:18:33.648Z
Reserved: 2023-04-25T08:49:15.442Z
Link: CVE-2023-31207
Vulnrichment
Updated: 2024-08-02T14:45:26.020Z
NVD
Status : Modified
Published: 2023-05-02T09:15:10.120
Modified: 2025-01-30T15:15:15.003
Link: CVE-2023-31207
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses