109 matches found
Linux Distros Unpatched Vulnerability : CVE-2024-38859
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - XSS in the view page with the SLA column configured in Checkmk versions prior to 2.3.0p14, 2.2.0p33, 2.1.0p47 and 2.0.0 EOL allowed malicious users to execute...
Linux Distros Unpatched Vulnerability : CVE-2022-48319
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Sensitive host secret disclosed in cmk-update-agent.log file in Tribe29's Checkmk = 2.1.0p13, Checkmk = 2.0.0p29, and all versions of Checkmk 1.6.0 EOL allows a...
Linux Distros Unpatched Vulnerability : CVE-2023-6157
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper neutralization of livestatus command delimiters in ajaxsearch in Checkmk = 2.0.0p39, 2.1.0p37, and 2.2.0p15 allows arbitrary livestatus command executi...
Linux Distros Unpatched Vulnerability : CVE-2024-38862
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions 2.3.0p18, 2.2.0p35, 2.1.0p48 and =2.0.0p39 EOL causes SNMP and IMPI secrets ...
Linux Distros Unpatched Vulnerability : CVE-2022-46303
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Command injection in SMS notifications in Tribe29 Checkmk = 2.1.0p10, Checkmk = 2.0.0p27, and Checkmk = 1.6.0p29 allows an attacker with User Management...
Linux Distros Unpatched Vulnerability : CVE-2024-3367
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Argument injection in webspheremq agent plugin in Checkmk 2.0.0, 2.1.0, 2.2.0p26 and 2.3.0b5 allows local attacker to inject one argument to runmqsc CVE-2024-33...
Linux Distros Unpatched Vulnerability : CVE-2023-31210
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Usage of user controlled LDLIBRARYPATH in agent in Checkmk 2.2.0p10 up to 2.2.0p16 allows malicious Checkmk site user to escalate rights via injection of...
Linux Distros Unpatched Vulnerability : CVE-2022-48318
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - No authorisation controls in the RestAPI documentation for Tribe29's Checkmk = 2.1.0p13 and Checkmk = 2.0.0p29 which may lead to unintended information disclosu...
Linux Distros Unpatched Vulnerability : CVE-2023-6735
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Privilege escalation in mktsm agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges CVE-2023-6735 Note that...
Linux Distros Unpatched Vulnerability : CVE-2023-1768
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate error handling in Tribe29 Checkmk = 2.1.0p25, = 2.0.0p34, = 2.2.0b3 beta, and all versions of Checkmk 1.6.0 causes the symmetric encryption of age...
CVE-2025-32915
Packages downloaded by Checkmk's automatic agent updates on Linux and Solaris have incorrect permissions in Checkmk 2.4.0p1, 2.3.0p32, 2.2.0p42 and = 2.1.0p49 EOL. This allows a local attacker to read sensitive data...
CVE-2024-5741
Stored XSS in inventory tree rendering in Checkmk before 2.3.0p7, 2.2.0p28, 2.1.0p45 and 2.0.0 EOL...
CVE-2023-31207
Transmission of credentials within query parameters in Checkmk = 2.1.0p26, = 2.0.0p35, and = 2.2.0b6 beta may cause the automation user's secret to be written to the site Apache access log...
CVE-2023-22288
HTML Email Injection in Tribe29 Checkmk =2.1.0p23; =2.0.0p34, and all versions of Checkmk 1.6.0 allows an authenticated attacker to inject malicious HTML into Emails...
PT-2025-22483 · Checkmk · Checkmk
Name of the Vulnerable Software and Affected Versions: Checkmk versions prior to 2.4.0p1 Checkmk versions prior to 2.3.0p32 Checkmk versions prior to 2.2.0p42 Checkmk versions prior to or equal to 2.1.0p49 Description: The issue arises from incorrect permissions of packages downloaded by Checkmk'...
PT-2025-22330 · Checkmk · Checkmk
Name of the Vulnerable Software and Affected Versions: Checkmk versions prior to 2.4.0p1 Checkmk versions prior to 2.3.0p32 Checkmk versions prior to 2.2.0p42 Checkmk version 2.1.0 Description: The issue allows authenticated attackers to write arbitrary files due to argument injection in special...
Checkmk < 2.2.0p42, 2.3.x < 2.3.0p32 Privilege Escalation Vulnerability
Checkmk is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:checkmk:checkmk"; if...
CVE-2025-32917 Privilege escalation in jar_signature
Privilege escalation in jarsignature agent plugin in Checkmk versions 2.4.0b7 beta, 2.3.0p32, 2.2.0p42, and 2.1.0p49 EOL allow user with write access to JAVAHOME/bin directory to escalate privileges...
CVE-2025-32917 Privilege escalation in jar_signature
Privilege escalation in jarsignature agent plugin in Checkmk versions 2.4.0b7 beta, 2.3.0p32, 2.2.0p42, and 2.1.0p49 EOL allow user with write access to JAVAHOME/bin directory to escalate privileges...
CVE-2025-32917
CVE-2025-32917 affects Checkmk’s jar_signature agent plugin. Affected versions are before 2.4.0b7 (beta), before 2.3.0p32, before 2.2.0p42, and 2.1.0p49 (EOL). The vulnerability allows a user with write access to JAVA_HOME/bin to escalate privileges. The provided documents do not contain explicit...