CVE-2024-28828

Published: Jul 10, 2024Modified: Jun 17, 2026

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Cross-Site request forgery in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, and <= 2.0.0p39 (EOL) could lead to 1-click compromize of the site.

Affected (147)

Products: Checkmk: Checkmk

Checkmk

1 product

Checkmk

Configuration A

147 vulnerable

Vulnerable Software	Affected Versions
Checkmk Checkmk	Version 2.0.0
Checkmk Checkmk	Version 2.0.0 b1
Checkmk Checkmk	Version 2.0.0 b2
Checkmk Checkmk	Version 2.0.0 b3
Checkmk Checkmk	Version 2.0.0 b4
Checkmk Checkmk	Version 2.0.0 b5
Checkmk Checkmk	Version 2.0.0 b6
Checkmk Checkmk	Version 2.0.0 b7
Checkmk Checkmk	Version 2.0.0 b8
Checkmk Checkmk	Version 2.0.0 i1
Checkmk Checkmk	Version 2.0.0 p10
Checkmk Checkmk	Version 2.0.0 p11
Checkmk Checkmk	Version 2.0.0 p12
Checkmk Checkmk	Version 2.0.0 p13
Checkmk Checkmk	Version 2.0.0 p14
Checkmk Checkmk	Version 2.0.0 p15
Checkmk Checkmk	Version 2.0.0 p16
Checkmk Checkmk	Version 2.0.0 p17
Checkmk Checkmk	Version 2.0.0 p18
Checkmk Checkmk	Version 2.0.0 p19
Checkmk Checkmk	Version 2.0.0 p1
Checkmk Checkmk	Version 2.0.0 p20
Checkmk Checkmk	Version 2.0.0 p21
Checkmk Checkmk	Version 2.0.0 p22
Checkmk Checkmk	Version 2.0.0 p23
Checkmk Checkmk	Version 2.0.0 p24
Checkmk Checkmk	Version 2.0.0 p25
Checkmk Checkmk	Version 2.0.0 p26
Checkmk Checkmk	Version 2.0.0 p27
Checkmk Checkmk	Version 2.0.0 p28
Checkmk Checkmk	Version 2.0.0 p29
Checkmk Checkmk	Version 2.0.0 p2
Checkmk Checkmk	Version 2.0.0 p30
Checkmk Checkmk	Version 2.0.0 p31
Checkmk Checkmk	Version 2.0.0 p32
Checkmk Checkmk	Version 2.0.0 p33
Checkmk Checkmk	Version 2.0.0 p34
Checkmk Checkmk	Version 2.0.0 p35
Checkmk Checkmk	Version 2.0.0 p36
Checkmk Checkmk	Version 2.0.0 p37
Checkmk Checkmk	Version 2.0.0 p38
Checkmk Checkmk	Version 2.0.0 p3
Checkmk Checkmk	Version 2.0.0 p4
Checkmk Checkmk	Version 2.0.0 p5
Checkmk Checkmk	Version 2.0.0 p6
Checkmk Checkmk	Version 2.0.0 p7
Checkmk Checkmk	Version 2.0.0 p8
Checkmk Checkmk	Version 2.0.0 p9
Checkmk Checkmk	Version 2.1.0
Checkmk Checkmk	Version 2.1.0 b1
Checkmk Checkmk	Version 2.1.0 b2
Checkmk Checkmk	Version 2.1.0 b3
Checkmk Checkmk	Version 2.1.0 b4
Checkmk Checkmk	Version 2.1.0 b5
Checkmk Checkmk	Version 2.1.0 b6
Checkmk Checkmk	Version 2.1.0 b7
Checkmk Checkmk	Version 2.1.0 b8
Checkmk Checkmk	Version 2.1.0 b9
Checkmk Checkmk	Version 2.1.0 p10
Checkmk Checkmk	Version 2.1.0 p11
Checkmk Checkmk	Version 2.1.0 p12
Checkmk Checkmk	Version 2.1.0 p13
Checkmk Checkmk	Version 2.1.0 p14
Checkmk Checkmk	Version 2.1.0 p15
Checkmk Checkmk	Version 2.1.0 p16
Checkmk Checkmk	Version 2.1.0 p17
Checkmk Checkmk	Version 2.1.0 p18
Checkmk Checkmk	Version 2.1.0 p19
Checkmk Checkmk	Version 2.1.0 p1
Checkmk Checkmk	Version 2.1.0 p20
Checkmk Checkmk	Version 2.1.0 p21
Checkmk Checkmk	Version 2.1.0 p22
Checkmk Checkmk	Version 2.1.0 p23
Checkmk Checkmk	Version 2.1.0 p24
Checkmk Checkmk	Version 2.1.0 p25
Checkmk Checkmk	Version 2.1.0 p26
Checkmk Checkmk	Version 2.1.0 p27
Checkmk Checkmk	Version 2.1.0 p28
Checkmk Checkmk	Version 2.1.0 p29
Checkmk Checkmk	Version 2.1.0 p2
Checkmk Checkmk	Version 2.1.0 p30
Checkmk Checkmk	Version 2.1.0 p31
Checkmk Checkmk	Version 2.1.0 p32
Checkmk Checkmk	Version 2.1.0 p33
Checkmk Checkmk	Version 2.1.0 p34
Checkmk Checkmk	Version 2.1.0 p35
Checkmk Checkmk	Version 2.1.0 p36
Checkmk Checkmk	Version 2.1.0 p37
Checkmk Checkmk	Version 2.1.0 p38
Checkmk Checkmk	Version 2.1.0 p39
Checkmk Checkmk	Version 2.1.0 p3
Checkmk Checkmk	Version 2.1.0 p40
Checkmk Checkmk	Version 2.1.0 p41
Checkmk Checkmk	Version 2.1.0 p42
Checkmk Checkmk	Version 2.1.0 p43
Checkmk Checkmk	Version 2.1.0 p44
Checkmk Checkmk	Version 2.1.0 p4
Checkmk Checkmk	Version 2.1.0 p5
Checkmk Checkmk	Version 2.1.0 p6
Checkmk Checkmk	Version 2.1.0 p7
Checkmk Checkmk	Version 2.1.0 p8
Checkmk Checkmk	Version 2.1.0 p9
Checkmk Checkmk	Version 2.2.0
Checkmk Checkmk	Version 2.2.0 b1
Checkmk Checkmk	Version 2.2.0 b2
Checkmk Checkmk	Version 2.2.0 b3
Checkmk Checkmk	Version 2.2.0 b4
Checkmk Checkmk	Version 2.2.0 b5
Checkmk Checkmk	Version 2.2.0 b6
Checkmk Checkmk	Version 2.2.0 b7
Checkmk Checkmk	Version 2.2.0 b8
Checkmk Checkmk	Version 2.2.0 i1
Checkmk Checkmk	Version 2.2.0 p10
Checkmk Checkmk	Version 2.2.0 p11
Checkmk Checkmk	Version 2.2.0 p12
Checkmk Checkmk	Version 2.2.0 p13
Checkmk Checkmk	Version 2.2.0 p14
Checkmk Checkmk	Version 2.2.0 p15
Checkmk Checkmk	Version 2.2.0 p16
Checkmk Checkmk	Version 2.2.0 p17
Checkmk Checkmk	Version 2.2.0 p18
Checkmk Checkmk	Version 2.2.0 p19
Checkmk Checkmk	Version 2.2.0 p1
Checkmk Checkmk	Version 2.2.0 p20
Checkmk Checkmk	Version 2.2.0 p21
Checkmk Checkmk	Version 2.2.0 p22
Checkmk Checkmk	Version 2.2.0 p23
Checkmk Checkmk	Version 2.2.0 p24
Checkmk Checkmk	Version 2.2.0 p25
Checkmk Checkmk	Version 2.2.0 p26
Checkmk Checkmk	Version 2.2.0 p27
Checkmk Checkmk	Version 2.2.0 p28
Checkmk Checkmk	Version 2.2.0 p2
Checkmk Checkmk	Version 2.2.0 p3
Checkmk Checkmk	Version 2.2.0 p4
Checkmk Checkmk	Version 2.2.0 p5
Checkmk Checkmk	Version 2.2.0 p6
Checkmk Checkmk	Version 2.2.0 p7
Checkmk Checkmk	Version 2.2.0 p8
Checkmk Checkmk	Version 2.2.0 p9
Checkmk Checkmk	Version 2.3.0 p1
Checkmk Checkmk	Version 2.3.0 p2
Checkmk Checkmk	Version 2.3.0 p3
Checkmk Checkmk	Version 2.3.0 p4
Checkmk Checkmk	Version 2.3.0 p5
Checkmk Checkmk	Version 2.3.0 p6
Checkmk Checkmk	Version 2.3.0 p7

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (2)

https://checkmk.com/werk/17090

Source: security@checkmk.com

Vendor Advisory

https://checkmk.com/werk/17090

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.