Checkmk Log File Sensitive Information Disclosure Vulnerability

Vulnerability

A vulnerability exists in Checkmk versions prior to 2.3.0p29, prior to 2.2.0p41, and through 2.1.0p49 (EOL), allowing remote site authentication secrets to be inadvertently logged in files accessible to administrators. This issue arises when the log level for 'Web' is set to debug and the site interacts with remote sites, causing authentication secrets to be recorded in 'var/log/web.log'.

Impact

Exposed remote site authentication secrets in log files accessible to administrators.

Remediation

Users can upgrade to Checkmk versions 2.3.0p29, 2.2.0p41, or 2.5.0b1. If an immediate upgrade is not possible, the 'Web' log level can be lowered to verbose or a less detailed level so that the remote site secrets are no longer written to the log.
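As an added example (not from the advisory and not Checkmk's own code), the following Python check encodes the affected and fixed versions named above so that an inventory of site versions can be screened before patching. The version-string grammar it assumes (major.minor.micro with an optional pNN patch or bNN beta suffix) is an assumption based on the version strings quoted in this advisory; release lines the advisory does not mention are reported as unknown rather than guessed.

```python
import re

# Fixed releases per line, as stated in the advisory: 2.3.0p29 and 2.2.0p41.
# 2.1.0 is EOL and affected through 2.1.0p49 with no fixed release listed.
# 2.5.0b1 is listed as fixed. Lines the advisory does not name (e.g. 2.4)
# are reported as None (unknown) rather than guessed.
FIXED_PATCH_LEVEL = {(2, 3): 29, (2, 2): 41}

# Assumed grammar: "2.3.0p28", "2.5.0b1" or a plain "2.3.0".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:([pb])(\d+))?$")


def parse_version(text):
    """Parse a Checkmk version string into (major, minor, micro, stage, num).

    stage is 'p' for a patch release, 'b' for a beta and '' for the plain
    .0 release (num is then 0).
    """
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised Checkmk version string: {text!r}")
    major, minor, micro, stage, num = match.groups()
    return int(major), int(minor), int(micro), stage or "", int(num or 0)


def is_affected(text):
    """True if the version is affected, False if it carries the fix,
    None if the advisory says nothing about that release line."""
    major, minor, _micro, stage, num = parse_version(text)
    line = (major, minor)
    if line == (2, 1):
        # EOL line: every patch level through 2.1.0p49 is affected, no fix.
        return True
    if line in FIXED_PATCH_LEVEL:
        if stage == "p":
            return num < FIXED_PATCH_LEVEL[line]
        # The plain .0 release and any beta precede the first patch release.
        return True
    if line == (2, 5):
        # 2.5.0b1 is the fixed release; assumption: no 2.5 build precedes it.
        return False
    return None


if __name__ == "__main__":
    # Constructed sample versions, not taken from any real inventory.
    labels = {True: "AFFECTED", False: "fixed", None: "not covered by advisory"}
    for version in ["2.3.0p28", "2.3.0p29", "2.2.0p41", "2.1.0p49",
                    "2.5.0b1", "2.4.0p5"]:
        print(f"{version:10s} {labels[is_affected(version)]}")
```

Feeding the output of `omd version` (or the version column of a site inventory) through `is_affected` gives a quick triage list; anything reported as None should be checked against the vendor's own advisory rather than assumed safe.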

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.8
impact: 2.5
exploitability: 3.4
remediation: 8.3
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.