CVE-2021-36563: 
Linux Ubuntu vulnerability analysis and mitigation

The CheckMK management web console (versions 1.5.0 to 2.0.0) contains multiple cross-site scripting (XSS) vulnerabilities identified as CVE-2021-36563. The vulnerability was initially discovered on April 12, 2021, and was publicly disclosed on July 26, 2021. The issue affects various parameters of the WATO module where user input is not properly sanitized (GitHub Exploit).

The vulnerability stems from improper sanitization of user input in various parameters of the WATO module. Multiple XSS injection points were identified, including the rule overview where scripts could be executed through the 'Text to match' field of EC rules, LDAP server and failover server configurations, and notification rules where scripts could be executed in the title and topic of aux tags (Vendor Advisory). Additionally, users with permission to add/edit items in the customize menu could trigger stored XSS in the overview page (Vendor Advisory). The vulnerability has been assigned a CVSS v3.1 base score of 5.4 (Medium) with vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (NVD).

The vulnerability allows attackers to inject and execute arbitrary HTML or JavaScript code in the victim's browser. This could lead to the theft of sensitive information including user information, session cookies, and valid credentials. A particularly dangerous scenario involves an attacker with monitor role privileges potentially stealing the secretAutomation for API administrator access, enabling the creation of additional administrator users with high privileges (GitHub Exploit).

The vulnerability was addressed in multiple releases. Initial fixes were included in versions 2.0.0p4, 1.6.0p25, and 2.1.0b1 released on May 12, 2021. Additional XSS issues were later discovered and patched in version 2.0.0p10 released on August 26, 2021. Users are advised to upgrade to these or later versions to mitigate the vulnerability (Vendor Advisory, Vendor Advisory).