Hardcoded credentials

HTML Email Injection in Tribe29 Checkmk =2.1.0p23; =2.0.0p34, and all versions of Checkmk 1.6.0 allows an authenticated attacker to inject malicious HTML into Emails...

UBUNTU-CVE-2023-22288

HTML Email Injection in Tribe29 Checkmk =2.1.0p23; =2.0.0p34, and all versions of Checkmk 1.6.0 allows an authenticated attacker to inject malicious HTML into Emails...

CVE-2023-22288 Email HTML Injection

HTML Email Injection in Tribe29 Checkmk =2.1.0p23; =2.0.0p34, and all versions of Checkmk 1.6.0 allows an authenticated attacker to inject malicious HTML into Emails...

CVE-2023-22288 Email HTML Injection

HTML Email Injection in Tribe29 Checkmk =2.1.0p23; =2.0.0p34, and all versions of Checkmk 1.6.0 allows an authenticated attacker to inject malicious HTML into Emails...

CVE-2023-22288

CVE-2023-22288 corresponds to an HTML Email Injection in Tribe29 CheckMK, affecting CheckMK versions <=2.1.0p23;

PT-2023-18400 · Checkmk · Checkmk

Name of the Vulnerable Software and Affected Versions: Checkmk versions 1.6.0 and earlier Checkmk versions 2.0.0p1 through 2.0.0p34 Checkmk versions 2.1.0p1 through 2.1.0p23 Description: The issue allows an authenticated attacker to inject malicious HTML into emails. Recommendations: For Checkmk...

Checkmk 跨站脚本漏洞

Checkmk is an editor. A security vulnerability exists in versions of Checkmk prior to 1.6.0. An attacker exploited the vulnerability to inject malicious HTML into emails...

Checkmk 2.0.x < 2.0.0p30, 2.1.x < 2.1.0p14 Information Disclosure Vulnerability

Checkmk is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:checkmk:checkmk"; if...

Checkmk 2.0.x < 2.0.0p30, 2.1.x < 2.1.0p14 Information Disclosure Vulnerability

Checkmk is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:checkmk:checkmk"; if...

Checkmk 2.0.x < 2.0.0p29, 2.1.x < 2.1.0p12 Improper Input Validation Vulnerability

Checkmk is prone to an improper input validation vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:checkmk:checkmk";...

Checkmk 2.0.x < 2.0.0p32, 2.1.x < 2.1.0p18 CSRF Vulnerability

Checkmk is prone to a cross-site request forgery CSRF vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Checkmk 2.1.x < 2.1.0p12 SSRF Vulnerability

Checkmk is prone to a server-side request forgery SSRF vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Checkmk 2.0.x < 2.0.0p29, 2.1.x < 2.1.0p11 Insufficient Session Expiration Vulnerability

Checkmk is prone to an insufficient session expiration vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Checkmk 1.6.x < 1.6.0p30, 2.0.x < 2.0.0p28, 2.1.x < 2.1.0p11 Multiple Vulnerabilities

Checkmk is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:checkmk:checkmk"; if description...

CVE-2022-48320

Cross-site Request Forgery CSRF in Tribe29's Checkmk = 2.1.0p17, Checkmk = 2.0.0p31, and all versions of Checkmk 1.6.0 EOL allow an attacker to add new visual elements to multiple pages...

CVE-2022-46836

PHP code injection in watolib auth.php and hosttags.php in Tribe29's Checkmk = 2.1.0p10, Checkmk = 2.0.0p27, and Checkmk = 1.6.0p29 allows an attacker to inject and execute PHP code which will be executed upon request of the vulnerable component...

CVE-2022-47909

Livestatus Query Language LQL injection in the AuthUser HTTP query header of Tribe29's Checkmk = 2.1.0p11, Checkmk = 2.0.0p28, and all versions of Checkmk 1.6.0 EOL allows an attacker to perform direct queries to the application's core from localhost...

CVE-2022-48319

Sensitive host secret disclosed in cmk-update-agent.log file in Tribe29's Checkmk = 2.1.0p13, Checkmk = 2.0.0p29, and all versions of Checkmk 1.6.0 EOL allows an attacker to gain access to the host secret through the unprotected agent updater log file...

CVE-2022-48321

Limited Server-Side Request Forgery SSRF in agent-receiver in Tribe29's Checkmk = 2.1.0p11 allows an attacker to communicate with local network restricted endpoints by use of the host registration API...

CVE-2022-48317

Expired sessions were not securely terminated in the RestAPI for Tribe29's Checkmk = 2.1.0p10 and Checkmk = 2.0.0p28 allowing an attacker to use expired session tokens when communicating with the RestAPI...