[//]: # (werk v2) # CSRF token leaked in URL parameters (CVE-2024-38863) key | value ---------- | --- date | 2024-10-07T05:48:40+00:00 version | 2.4.0b1 class | security edition | cre component | wato level | 1 compatible | yes Before this Werk, the CSRF token was mistakenly included as a query parameter in certain URLs when navigating Checkmk, which could result in the token being saved in bookmarks. This increased the risk of unintentional exposure, such as when sharing bookmarks with other users. The issue has been resolved. While storing or unintentionally exposing the token doesn't present an immediate security threat, it could potentially enable phishing attacks targeting the specific user for the duration of the token's validity. In Checkmk, CSRF tokens remain valid for the session's duration (configured under Global settings > Session management). This issue was found during internal review. *Affected Versions*: * 2.3.0 * 2.2.0 * 2.1.0 *Mitigations*: Avoid sharing or exposing URLs that contain the query parameter `csrf_token=`. *Vulnerability Management*: We have rated the issue with a CVSS Score of 2.0 Low (`CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:L/VI:N/VA:N/SC:L/SI:L/SA:L`) and assigned `CVE-2024-38863`.