CVE-2022-31258
CVE-2022-31258 affects Checkmk prior to 1.6.0p29, 2.x prior to 2.0.0p25, and 2.1.x prior to 2.1.0b10. The issue allows a site user to escalate to root by editing an OMD hook symlink. Affected component is the Checkmk install (OMD hook handling). Root-cause is improper handling of the OMD hook sym...
PT-2022-20645 · Checkmk · Checkmk
Name of the Vulnerable Software and Affected Versions: Checkmk versions prior to 1.6.0p29; Checkmk versions 2.x prior to 2.0.0p25; Checkmk versions 2.1.x prior to 2.1.0b10. Description: A site user can escalate to root by editing an OMD hook symlink. Recommendations: For Checkmk versions prior to...
Checkmk Link Following Vulnerability
Checkmk is an editor. A security vulnerability exists in Checkmk, which can be exploited by an attacker to escalate to root by editing an OMD hook link. The following products and versions are affected: versions prior to 1.6.0p29, 2.x versions prior to 2.0.0p25, and 2.1.x versions prior to 2.1.0b10...
Checkmk 1.5.x <= 2.0.0p17 RCE Vulnerability
Checkmk is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:checkmk:checkmk"; ...
Checkmk < 1.6.0p26 XSS Vulnerability
Checkmk is prone to a reflected cross-site scripting (XSS) vulnerability in pnptemplate.py. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE =...
Checkmk 1.5.x - 1.5.0p25 RCE Vulnerability
Checkmk is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:checkmk:checkmk"; ...
CVE-2021-40906
CheckMK Raw Edition software versions 1.5.0 to 1.6.0 does not sanitise the input of a web service parameter that is in an unauthenticated zone. This Reflected XSS allows an attacker to open a backdoor on the device with HTML content and interpreted by the browser such as JavaScript or other...
CVE-2021-40904
The web management console of CheckMK Raw Edition versions 1.5.0 to 1.6.0 allows a misconfiguration of the web-app Dokuwiki installed by default, which allows embedded php code. As a result, remote code execution is achieved. Successful exploitation requires access to the web management interface...
CVE-2021-40905
The web management console of CheckMK Enterprise Edition versions 1.5.0 to 2.0.0p9 does not properly sanitise the uploading of ".mkp" files, which are Extension Packages, making remote code execution possible. Successful exploitation requires access to the web management interface, either with...
Remote code execution
DISPUTED The web management console of CheckMK Enterprise Edition versions 1.5.0 to 2.0.0p9 does not properly sanitise the uploading of ".mkp" files, which are Extension Packages, making remote code execution possible. Successful exploitation requires access to the web management interface, eithe...
Remote code execution
The web management console of CheckMK Raw Edition versions 1.5.0 to 1.6.0 allows a misconfiguration of the web-app Dokuwiki installed by default, which allows embedded php code. As a result, remote code execution is achieved. Successful exploitation requires access to the web management interface...
Authentication flaw
CheckMK Raw Edition software versions 1.5.0 to 1.6.0 does not sanitise the input of a web service parameter that is in an unauthenticated zone. This Reflected XSS allows an attacker to open a backdoor on the device with HTML content and interpreted by the browser such as JavaScript or other...
UBUNTU-CVE-2021-40904
The web management console of CheckMK Raw Edition versions 1.5.0 to 1.6.0 allows a misconfiguration of the web-app Dokuwiki installed by default, which allows embedded php code. As a result, remote code execution is achieved. Successful exploitation requires access to the web management interface...
UBUNTU-CVE-2021-40906
CheckMK Raw Edition software versions 1.5.0 to 1.6.0 does not sanitise the input of a web service parameter that is in an unauthenticated zone. This Reflected XSS allows an attacker to open a backdoor on the device with HTML content and interpreted by the browser such as JavaScript or other...
CVE-2021-40906
Affected software: CheckMK Raw Edition (versions 1.5.0 to 1.6.0). Vulnerability type / root cause: Reflected XSS due to input not being sanitised in a web service parameter located in an unauthenticated zone. Impact (as described): attacker can inject HTML/JavaScript, potentially opening a backdo...