10 matches found
CVE-2014-2332
CVE-2014-2332 affects Check_MK before 1.2.2p3 and 1.2.3x before 1.2.3i5. The issue, tied to insecure direct object references, allows remote authenticated users to delete arbitrary files via a request to an unspecified link. The related advisory notes that exploitation can be facilitated by CVE-2...
CVE-2014-2329
Check_MK is affected in versions before 1.2.2p3 and 1.2.3x before 1.2.3i5 by multiple cross-site scripting (XSS) vulnerabilities due to improper validation of user input. An authenticated remote attacker can inject arbitrary script via the (1) agent string for a check_mk agent, (2) a crafted requ...
CVE-2014-5340
CVE-2014-5340 affects Check_MK via the wato component. The underlying issue is the unsafe use of Python’s pickle API in wato, allowing a remote attacker to execute arbitrary code by sending a crafted serialized object, tied to the automation URL. Affected versions noted in sources include Check_M...
CVE-2014-2330
CVE-2014-2330 corresponds to multiple CSRF flaws in the Check_MK Multisite GUI prior to version 1.2.5i2. The issue allows remote attackers to perform authenticated actions on behalf of users, including uploading arbitrary snapshots and deleting arbitrary files, via unknown vectors. Affected produ...
CVE-2014-0243
CVE-2014-0243 affects Check_MK through 1.2.5i2p1. Local attackers can read arbitrary files by exploiting a symlink in /var/lib/check_mk_agent/job leading to a file disclosure. The connected Nessus data indicates affected Linux builds (e.g., 1.2.3i pre-1.2.5i3) and references a mitigation path: up...
CVE-2017-11507
CVE-2017-11507 affects Check_MK. Vulnerable components: Check_MK versions 1.2.8x prior to 1.2.8p25 and 1.4.0x prior to 1.4.0p9. Root cause: cross-site scripting (XSS) via the output_format parameter and the username of failed HTTP Basic authentication attempts, with the injected HTML/JavaSc...
CVE-2014-2331
CVE-2014-2331 affects Check_MK 1.2.2p2, 1.2.2p3, and 1.2.3i5. Remote authenticated users can execute arbitrary Python code via a crafted rules.mk file in a snapshot. The vulnerability is linked to CVE-2014-2330 (CSRF), indicating a broader chain of issues in the Multisite GUI. No details on root ...
CVE-2014-5338
CVE-2014-5338 affects Check_MK 1.2.4 (<1.2.4p4) and 1.2.5 (
CVE-2014-5339
CVE-2014-5339 affects Check_MK 1.2.4p4 and 1.2.5i4 and prior, where an authenticated remote attacker could abuse row selections to write Check_MK configuration files (.mk) to arbitrary filesystem locations due to an insecure handling path. Affected products/versions in public advisories align wit...
CVE-2017-9781
CVE-2017-9781 affects Checkmk; an unauthenticated attacker could trigger cross-site scripting by supplying crafted input to the _username parameter during authentication to webapi.py, with the vulnerable behavior returning unencoded HTML. The cited advisories (USN-5527-1/2 and OSV-USN entries) de...