106 matches found
UBUNTU-CVE-2022-46303
Command injection in SMS notifications in Tribe29 Checkmk = 2.1.0p10, Checkmk = 2.0.0p27, and Checkmk = 1.6.0p29 allows an attacker with User Management permissions, as well as LDAP administrators in certain scenarios, to perform arbitrary commands within the context of the application's local...
UBUNTU-CVE-2022-48318
No authorisation controls in the RestAPI documentation for Tribe29's Checkmk = 2.1.0p13 and Checkmk = 2.0.0p29 which may lead to unintended information disclosure through automatically generated user specific tags within Rest API documentation...
CVE-2022-48318 Insecure access control mechanisms for RestAPI documentation
No authorisation controls in the RestAPI documentation for Tribe29's Checkmk = 2.1.0p13 and Checkmk = 2.0.0p29 which may lead to unintended information disclosure through automatically generated user specific tags within Rest API documentation...
PT-2023-15696 · Checkmk · Checkmk
Name of the Vulnerable Software and Affected Versions: Checkmk versions 1.6.0 and earlier Checkmk versions 2.0.0 through 2.0.0p29 Checkmk versions 2.1.0 through 2.1.0p13 Description: A sensitive host secret is disclosed in the cmk-update-agent.log file, allowing an attacker to gain access to the...
PT-2023-15897 · Checkmk · Checkmk
Name of the Vulnerable Software and Affected Versions: Checkmk versions 2.0.0 through 2.0.0p32 Checkmk versions 2.1.0 through 2.1.0p18 Description: The issue allows an administrator to write mkp files to arbitrary locations via a malicious mkp file, due to a path-traversal vulnerability in MKP...
CVE-2022-24565
Checkmk =2.0.0p19 Fixed in 2.0.0p20 and Checkmk =1.6.0p27 Fixed in 1.6.0p28 are affected by a Cross Site Scripting XSS vulnerability. The Alias of a site was not properly escaped when shown as condition for notifications...