CVE-2020-28919 — MEDIUM (5.4)

Vulnerability Description

A stored cross site scripting (XSS) vulnerability in Checkmk 1.6.0x prior to 1.6.0p19 allows an authenticated remote attacker to inject arbitrary JavaScript via a javascript: URL in a view title.

CVSS Score

5.4

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Checkmk	Checkmk	1.6.0

Related Weaknesses (CWE)

CWE-79

References

https://checkmk.com/check_mk-werks.php?werk_id=11501Vendor Advisory
https://emacsninja.com/posts/cve-2020-28919-stored-xss-in-checkmk-160p18.htmlExploitThird Party Advisory
https://github.com/tribe29/checkmk/commit/c00f450f884d8a229b7d8ab3f0452ed802a1aePatchThird Party Advisory
https://github.com/tribe29/checkmk/commit/e7fd8e4c90be490e4293ec91804d00ec01af5cPatch
https://checkmk.com/check_mk-werks.php?werk_id=11501Vendor Advisory
https://emacsninja.com/posts/cve-2020-28919-stored-xss-in-checkmk-160p18.htmlExploitThird Party Advisory
https://github.com/tribe29/checkmk/commit/c00f450f884d8a229b7d8ab3f0452ed802a1aePatchThird Party Advisory
https://github.com/tribe29/checkmk/commit/e7fd8e4c90be490e4293ec91804d00ec01af5cPatch

FAQ

What is CVE-2020-28919?

CVE-2020-28919 is a vulnerability with a CVSS score of 5.4 (MEDIUM). A stored cross site scripting (XSS) vulnerability in Checkmk 1.6.0x prior to 1.6.0p19 allows an authenticated remote attacker to inject arbitrary JavaScript via a javascript: URL in a view title.

How severe is CVE-2020-28919?

CVE-2020-28919 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-28919?

Check the references section above for vendor advisories and patch information. Affected products include: Checkmk Checkmk.