CVE-2014-2329 - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in Check_MK before 1.2.2p3 and 1.2.3x before 1.2.3i5 allow remote authenticated users to inject arbitrary web script or HTML via the (1) agent string for a check_mk agent, a (2) crafted request to a monitored host, which is not properly handled by the logwatch module, or other unspecified vectors.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:S/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Check Mk Project	Check Mk

Configuration 1 [-]

OR	cpe:2.3:a:check_mk_project:check_mk::::::::
	cpe:2.3:a:check_mk_project:check_mk::::::::

References

Link	Resource
http://www.securityfocus.com/archive/1/531594
http://www.securityfocus.com/archive/1/531656

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2015-08-31T18:00:00

Updated: 2015-08-31T17:57:03

Reserved: 2014-03-12T00:00:00

Link: CVE-2014-2329

JSON object: View

NVD Information

Status : Analyzed

Published: 2015-08-31T18:59:00.137

Modified: 2015-09-01T14:55:32.250

Link: CVE-2014-2329

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-03-24T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Check_MK before 1.2.2p3 and 1.2.3x before 1.2.3i5 allow remote authenticated users to inject arbitrary web script or HTML via the (1) agent string for a check_mk agent, a (2) crafted request to a monitored host, which is not properly handled by the logwatch module, or other unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2015-08-31T17:57:03", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20140328 Deutsche Telekom CERT Advisory [DTC-A-20140324-002] update140328", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/531656"}, {"name": "20140324 Deutsche Telekom CERT Advisory [DTC-A-20140324-002] vulnerabilities in check_mk", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/531594"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-2329", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Check_MK before 1.2.2p3 and 1.2.3x before 1.2.3i5 allow remote authenticated users to inject arbitrary web script or HTML via the (1) agent string for a check_mk agent, a (2) crafted request to a monitored host, which is not properly handled by the logwatch module, or other unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20140328 Deutsche Telekom CERT Advisory [DTC-A-20140324-002] update140328", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/531656"}, {"name": "20140324 Deutsche Telekom CERT Advisory [DTC-A-20140324-002] vulnerabilities in check_mk", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/531594"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-2329", "datePublished": "2015-08-31T18:00:00", "dateReserved": "2014-03-12T00:00:00", "dateUpdated": "2015-08-31T17:57:03", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:check_mk_project:check_mk:*:*:*:*:*:*:*:*", "matchCriteriaId": "95E0BBA3-30F1-4F41-98D2-778353C19D80", "versionEndIncluding": "1.2.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:check_mk_project:check_mk:*:*:*:*:*:*:*:*", "matchCriteriaId": "195404F2-1863-46EC-AA4E-987AFFD710AA", "versionEndIncluding": "1.2.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Check_MK before 1.2.2p3 and 1.2.3x before 1.2.3i5 allow remote authenticated users to inject arbitrary web script or HTML via the (1) agent string for a check_mk agent, a (2) crafted request to a monitored host, which is not properly handled by the logwatch module, or other unspecified vectors."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de XSS en Check_MK en versiones anteriores a 1.2.2p3 y 1.2.3x en versiones anteriores a 1.2.3i5, permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de (1) la cadena agente para un agente check_mk, (2) una solicitud manipulada para un host monitorizado, lo cual no es correctamente manejado por el m\u00f3dulo logwatch, u otros vectores no especificados."}], "id": "CVE-2014-2329", "lastModified": "2015-09-01T14:55:32.250", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2015-08-31T18:59:00.137", "references": [{"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/531594"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/531656"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}