CVE-2024-38866

Improper neutralization of input in Nagvis before version 1.9.47 which can lead to livestatus injection

CVSS

No CVSS.

References

Link	Resource
https://github.com/NagVis/nagvis/pull/398/commits/8d5d07e22dfca78df7420ac81cffff6f45ca9694
https://www.nagvis.org/downloads/changelog/1.9.47

Configurations

No configuration.

History

28 May 2025, 15:01

Type	Values Removed	Values Added
Summary		(es) Neutralización incorrecta de la entrada en Nagvis antes de la versión 1.9.47 que puede provocar la inyección de estado en vivo

27 May 2025, 07:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-27 07:15

Updated : 2025-05-28 15:01

NVD link : CVE-2024-38866

Mitre link : CVE-2024-38866

CVE.ORG link : CVE-2024-38866

JSON object : View

Products Affected

No product.

CWE

CWE-140

Improper Neutralization of Delimiters

{"id": "CVE-2024-38866", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "security@checkmk.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-05-27T07:15:34.797", "references": [{"url": "https://github.com/NagVis/nagvis/pull/398/commits/8d5d07e22dfca78df7420ac81cffff6f45ca9694", "source": "security@checkmk.com"}, {"url": "https://www.nagvis.org/downloads/changelog/1.9.47", "source": "security@checkmk.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security@checkmk.com", "description": [{"lang": "en", "value": "CWE-140"}]}], "descriptions": [{"lang": "en", "value": "Improper neutralization of input in Nagvis before version 1.9.47 which can lead to livestatus injection"}, {"lang": "es", "value": "Neutralizaci\u00f3n incorrecta de la entrada en Nagvis antes de la versi\u00f3n 1.9.47 que puede provocar la inyecci\u00f3n de estado en vivo"}], "lastModified": "2025-05-28T15:01:30.720", "sourceIdentifier": "security@checkmk.com"}

CVE-2024-38866

JSON object

Attach tags to CVE-2024-38866

Attach tags to `CVE-2024-38866`