[//]: # (werk v2)
# Escape user input on load failure of visuals
key | value
---------- | ---
date | 2024-06-26T10:17:37+00:00
version | 2.4.0b1
class | security
edition | cre
component | multisite
level | 1
compatible | yes
An attacker could create phishing links that take Checkmk users to their
Checkmk installation and lure them into a malicious link if a visual
(view/dashboard/report) did not exist.
<em>Affected Versions</em>:
LI: 2.3.0
LI: 2.2.0
LI: 2.1.0
LI: 2.0.0 (EOL)
<em>Vulnerability Management</em>:
We have rated the issue with a CVSS Score of <4.3 (Medium)> with the following
CVSS vector: <code>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N</code> and
assigned CVE
<code>CVE-2024-38857</code>.
Show replies by date