CVE-2022-48318 Insecure access control mechanisms for RestAPI documentation

No authorisation controls in the RestAPI documentation for Tribe29's Checkmk = 2.1.0p13 and Checkmk = 2.0.0p29 which may lead to unintended information disclosure through automatically generated user specific tags within Rest API documentation...

CVE-2022-48318 Insecure access control mechanisms for RestAPI documentation

No authorisation controls in the RestAPI documentation for Tribe29's Checkmk = 2.1.0p13 and Checkmk = 2.0.0p29 which may lead to unintended information disclosure through automatically generated user specific tags within Rest API documentation...

CVE-2022-48317

CVE-2022-48317 affects Tribe29 Checkmk up to 2.1.0p10 and up to 2.0.0p28. Root cause: expired sessions are not securely terminated in the RestAPI, enabling use of expired session tokens during RestAPI communication. Impact metrics indicate potential high impact to confidentiality, integrity, and ...

CVE-2022-48317 Insecure Termination of RestAPI Session Tokens

Expired sessions were not securely terminated in the RestAPI for Tribe29's Checkmk = 2.1.0p10 and Checkmk = 2.0.0p28 allowing an attacker to use expired session tokens when communicating with the RestAPI...

CVE-2022-48321 SSRF in agent-receiver API

Limited Server-Side Request Forgery SSRF in agent-receiver in Tribe29's Checkmk = 2.1.0p11 allows an attacker to communicate with local network restricted endpoints by use of the host registration API...

CVE-2022-48321

CVE-2022-48321 is an SSRF in Checkmk’s agent-receiver (Checkmk versions = 2.1.0p12 or newer 2.2.x line) or applying vendor-specific mitigations where available. Exploitation and in‑the‑wild details are not explicitly documented beyond the cited references in the attached sources.

CVE-2022-47909 LQL Injection in Livestatus HTTP headers

Livestatus Query Language LQL injection in the AuthUser HTTP query header of Tribe29's Checkmk = 2.1.0p11, Checkmk = 2.0.0p28, and all versions of Checkmk 1.6.0 EOL allows an attacker to perform direct queries to the application's core from localhost...

CVE-2022-47909

CVE-2022-47909 – LQL injection in Checkmk AuthUser header . The vulnerability affects Tribe29 Checkmk ≤ 2.1.0p11, Checkmk ≤ 2.0.0p28, and all Checkmk 1.6.0 (EOL). It stems from a Livestatus Query Language (LQL) injection in the AuthUser HTTP query header, which allows an attacker to perform direc...

CVE-2022-46836

CVE-2022-46836 affects Tribe29 Checkmk; PHP code injection is possible in watolib auth.php and hosttags.php in Checkmk versions <= 2.1.0p10, <= 2.0.0p27, and

CVE-2022-46836 PHP code injection in watolib

PHP code injection in watolib auth.php and hosttags.php in Tribe29's Checkmk = 2.1.0p10, Checkmk = 2.0.0p27, and Checkmk = 1.6.0p29 allows an attacker to inject and execute PHP code which will be executed upon request of the vulnerable component...

CVE-2022-46303 Command injection in SMS notifications

Command injection in SMS notifications in Tribe29 Checkmk = 2.1.0p10, Checkmk = 2.0.0p27, and Checkmk = 1.6.0p29 allows an attacker with User Management permissions, as well as LDAP administrators in certain scenarios, to perform arbitrary commands within the context of the application's local...

CVE-2022-46303

CVE-2022-46303 documents a command injection in SMS notifications for Tribe29 Checkmk prior to versions 2.1.0p10, 2.0.0p27, and 1.6.0p29. Affected by a vulnerability that allows an attacker with User Management permissions (and, in some scenarios, LDAP administrators) to run arbitrary commands wi...

CVE-2022-46303 Command injection in SMS notifications

Command injection in SMS notifications in Tribe29 Checkmk = 2.1.0p10, Checkmk = 2.0.0p27, and Checkmk = 1.6.0p29 allows an attacker with User Management permissions, as well as LDAP administrators in certain scenarios, to perform arbitrary commands within the context of the application's local...

Checkmk 代码问题漏洞

Checkmk is an editor. A security vulnerability exists in Tribe29 Checkmk version 2.1.0p11 and prior versions, which stems from the discovery of a server-side request forgery vulnerability contained in the proxy receiver...

PT-2023-15694 · Checkmk · Checkmk

Name of the Vulnerable Software and Affected Versions: Checkmk versions 2.0.0p1 through 2.0.0p28 Checkmk versions 2.1.0p1 through 2.1.0p10 Description: The issue arises from the insecure termination of expired sessions in the RestAPI, allowing an attacker to utilize expired session tokens for...

PT-2023-15699 · Checkmk · Checkmk

Name of the Vulnerable Software and Affected Versions: Checkmk versions 2.1.0 through 2.1.0p11 Description: The issue allows an attacker to perform a limited Server-Side Request Forgery SSRF in the agent-receiver component, enabling communication with local network restricted endpoints through th...

Checkmk 安全漏洞

Checkmk is an editor. A security vulnerability exists in Tribe29 Checkmk version 2.1.0p11 and earlier, version 2.0.0p28 and earlier, and version 1.6.0. An attacker exploits the vulnerability to obtain sensitive information...

PT-2023-15068 · Checkmk · Checkmk

Name of the Vulnerable Software and Affected Versions: Checkmk versions 1.6.0 through 1.6.0p29 Checkmk versions 2.0.0 through 2.0.0p27 Checkmk versions 2.1.0 through 2.1.0p10 Description: The issue allows an attacker to inject and execute PHP code in the auth.php and hosttags.php files of the...

Checkmk 代码问题漏洞

Checkmk is an editor. A security vulnerability exists in Tribe29 Checkmk version 2.1.0p10 and earlier, version 2.0.0p28 and earlier, which stems from failing to securely terminate expired sessions in RestAPI. An attacker could exploit the vulnerability to use an expired session token when...

Checkmk 日志信息泄露漏洞

Checkmk is an editor. A security vulnerability exists in Tribe29 Checkmk version 2.1.0p13 and earlier, version 2.0.0p29 and earlier, and version 1.6.0. An attacker can exploit the vulnerability to update the program log file...