Checkmk Stored Cross-Site Scripting Vulnerability in URL Dashboard Widget

Vulnerability

A stored cross-site scripting vulnerability has been identified in the URL dashboard widget of Checkmk versions prior to 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions. This vulnerability allows users with dashboard editing permissions to save a URL containing a harmful URI scheme, such as 'javascript:'. When other users view the dashboard, the stored URL executes scripts in their browsers.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the dashboard.

Reproduction

To reproduce this vulnerability, a user with dashboard editing permissions can create or edit a dashboard and add a URL widget. The user can then enter a URL with a dangerous URI scheme, such as 'javascript:'. Once the dashboard is saved and shared with other users, the injected script will execute in their browsers when they view the dashboard.

Remediation

The vulnerability has been addressed by updating the URL widget to only accept 'http' and 'https' URLs. Users should update to Checkmk versions 2.5.0p5, 2.4.0p31, 2.3.0p48, or a version later than 2.2.0 to mitigate this vulnerability.
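The fix described above amounts to a scheme allowlist applied when a widget URL is saved. The following is an added example of such a check, written for this page and not Checkmk's own code; the function names, the normalisation steps and the sweep over stored URLs are assumptions, included because a naive string comparison would miss case and whitespace variants that browsers still resolve.

```python
from urllib.parse import urlsplit

# Assumption: mirror the fix described above by allowing only http/https.
ALLOWED_SCHEMES = frozenset({"http", "https"})


def is_safe_widget_url(url: str) -> bool:
    """Return True only if `url` resolves to an allowlisted scheme.

    Browsers trim surrounding whitespace, drop ASCII tab/CR/LF inside a URL
    and match schemes case-insensitively, so the value is normalised the same
    way before the scheme is compared. A relative URL (empty scheme or empty
    host) is rejected too, so the stored value is always unambiguous.
    """
    if not isinstance(url, str):
        return False
    cleaned = url.strip()
    for ch in ("\t", "\r", "\n"):
        cleaned = cleaned.replace(ch, "")
    parts = urlsplit(cleaned)  # urlsplit lower-cases the scheme for us
    return parts.scheme in ALLOWED_SCHEMES and bool(parts.netloc)


def find_unsafe_widget_urls(stored_urls: list[str]) -> list[str]:
    """Sweep already-stored widget URLs (e.g. exported dashboards) and return
    the ones that would be rejected by is_safe_widget_url(). Useful after
    patching, to find values saved before the allowlist existed."""
    return [u for u in stored_urls if not is_safe_widget_url(u)]


if __name__ == "__main__":
    # Constructed sample of stored widget URLs, not taken from any real site.
    sample = [
        "https://status.example.internal/board?view=ops",
        "javascript:void(0)",
        "JavaScript:void(0)",
        " \tjava\nscript:void(0)",
        "//cdn.example.internal/widget",
    ]
    for bad in find_unsafe_widget_urls(sample):
        print("rejected:", repr(bad))
```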

Added: Jun 8, 2026, 1:21 PM
Updated: Jun 8, 2026, 1:21 PM

Vulnerability Rating

Custom Algorithm

spread: 0.8
impact: 1.7
exploitability: 5.3
remediation: 0.0
relevance: 9.2
threat: 1.6
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.