Remote code execution
Broad access controls could allow site users to directly interact with the system Apache installation when providing the reverse proxy configurations for Tribe29's Checkmk <= 2.1.0p6, Checkmk <= 2.0.0p27, and all versions of Checkmk 1.6.0 EOL allowing an attacker to perform remote code execution wi...
Cross site scripting
Reflective Cross-Site-Scripting in Webconf in Tribe29 Checkmk Appliance before 1.6.4...
UBUNTU-CVE-2022-46302
Broad access controls could allow site users to directly interact with the system Apache installation when providing the reverse proxy configurations for Tribe29's Checkmk <= 2.1.0p6, Checkmk <= 2.0.0p27, and all versions of Checkmk 1.6.0 EOL allowing an attacker to perform remote code execution wi...
UBUNTU-CVE-2023-22309
Reflective Cross-Site-Scripting in Webconf in Tribe29 Checkmk Appliance before 1.6.4...
CVE-2022-46302
CVE-2022-46302 affects Tribe29 Checkmk installations prior to patched versions: Checkmk <= 2.1.0p6, Checkmk
CVE-2022-46302 Remote Code Execution with Root Privileges via Broad Apache Permissions
Broad access controls could allow site users to directly interact with the system Apache installation when providing the reverse proxy configurations for Tribe29's Checkmk <= 2.1.0p6, Checkmk <= 2.0.0p27, and all versions of Checkmk 1.6.0 EOL allowing an attacker to perform remote code execution wi...
CVE-2023-22309 Reflected Cross Site Scripting (XSS)
Reflective Cross-Site-Scripting in Webconf in Tribe29 Checkmk Appliance before 1.6.4...
CVE-2023-22309
CVE-2023-22309 describes a reflective XSS in Webconf of the Tribe29 Checkmk Appliance prior to version 1.6.4. The issue stems from inadequate input filtering/escaping in Webconf, enabling a crafted payload to impact web pages. Affected product: Tribe29 Checkmk Appliance (Webconf component); affec...
PT-2023-14899 · Apache +1
Name of the Vulnerable Software and Affected Versions:
Checkmk versions 1.6.0 through 2.1.0p6
Checkmk version 2.0.0p27
Description: The issue allows site users to directly interact with the system Apache installation when providing reverse proxy configurations, enabling an attacker to perform...
Checkmk security vulnerability
Checkmk is an editor. Checkmk suffers from a code execution vulnerability that stems from broad access control when providing reverse proxy configurations that allow users to interact directly with the system Apache installation. An attacker can exploit this vulnerability to execute remote code...
Checkmk cross-site scripting vulnerability
Checkmk is an editor. A cross-site scripting vulnerability exists in Checkmk Appliance versions prior to 1.6.4, which stems from the application's lack of effective filtering and escaping of user-supplied data, and can be exploited by an attacker to execute arbitrary web script or HTML by injecti...
PT-2023-18417 · Tribe29 · Tribe29 Checkmk Appliance
Name of the Vulnerable Software and Affected Versions:
Tribe29 Checkmk Appliance versions prior to 1.6.4
Description: The issue is related to Reflective Cross-Site-Scripting in Webconf.
Recommendations: For versions prior to 1.6.4, update to version 1.6.4 or later to resolve the issue...
CVE-2023-22294
Privilege escalation in Tribe29 Checkmk Appliance before 1.6.4 allows authenticated site users to escalate privileges via incorrectly set permissions...
CVE-2023-22307
Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance before 1.6.4 allows local attacker to retrieve passwords via reading log files...
UBUNTU-CVE-2023-22294
Privilege escalation in Tribe29 Checkmk Appliance before 1.6.4 allows authenticated site users to escalate privileges via incorrectly set permissions...