There are 4 open security issues in bookworm.
2 important issues:
- CVE-2024-13722:
The "NagVis" component within Checkmk is vulnerable to reflected cross-site scripting. An attacker can craft a malicious link that will execute arbitrary JavaScript in the context of the browser once clicked. The attack can be performed on both authenticated and unauthenticated users.
- CVE-2024-13723:
The "NagVis" component within Checkmk is vulnerable to remote code execution. An authenticated attacker with administrative level privileges is able to upload a malicious PHP file and modify specific settings to execute the contents of the file as PHP.
2 issues left for the package maintainer to handle:
- CVE-2023-46287:
(needs triaging)
XSS exists in NagVis before 1.9.38 via the select function in share/server/core/functions/html.php.
- CVE-2024-47093:
(needs triaging)
Improper neutralization of input in NagVis before version 1.9.42, which can lead to XSS.
You can find information about how to handle these issues in the security team's documentation.