Checkmk 安全漏洞

Checkmk is an IT monitoring platform developed by Checkmk Corporation. There are security vulnerabilities in versions of Checkmk prior to 2.2.0, 2.3.0p46, 2.4.0p25, and 2.5.0b3. These vulnerabilities stem from the ability for site users to manipulate files, potentially leading to permission...

CVE-2023-22294

Privilege escalation in Tribe29 Checkmk Appliance before 1.6.4 allows authenticated site users to escalate privileges via incorrectly set permissions...

CVE-2024-47094

Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions 2.3.0p22, 2.2.0p37, 2.1.0p50 EOL causes remote site secrets to be written to web log files accessible to local site users...

CVE-2024-43438 Moodle: idor in feedback non-respondents report allows messaging arbitrary site users

A flaw was found in Feedback. Bulk messaging in the activity's non-respondents report did not verify message recipients belonging to the set of users returned by the report...

CVE-2023-1844

The Subscribe2 plugin for WordPress is vulnerable to unauthorized access to email functionality due to a missing capability check when sending test emails in versions up to, and including, 10.40. This makes it possible for author-level attackers to send emails with arbitrary content and attachmen...

CVE-2023-1844 Subscribe2 <= 10.40 - Missing Authorization

The Subscribe2 plugin for WordPress is vulnerable to unauthorized access to email functionality due to a missing capability check when sending test emails in versions up to, and including, 10.40. This makes it possible for author-level attackers to send emails with arbitrary content and attachmen...

CVE-2022-46302

CVE-2022-46302 affects Tribe29 Checkmk installations prior to patched versions: Checkmk &lt;= 2.1.0p6, Checkmk

UBUNTU-CVE-2023-22294

Privilege escalation in Tribe29 Checkmk Appliance before 1.6.4 allows authenticated site users to escalate privileges via incorrectly set permissions...