80 matches found
CVE-2023-23549
Improper Input Validation in Checkmk <2.2.0p15, <2.1.0p37,
CVE-2023-6157
Improper neutralization of livestatus command delimiters in ajax_search in Checkmk <= 2.0.0p39, < 2.1.0p37, and
CVE-2024-38864
Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk < 2.3.0p23, < 2.2.0p38 and
CVE-2022-47909
Livestatus Query Language (LQL) injection in the AuthUser HTTP query header of Tribe29's Checkmk <= 2.1.0p11, Checkmk
CVE-2022-4884
Path-Traversal in MKP storing in Tribe29 Checkmk <=2.0.0p32 and
CVE-2024-28826
Improper restriction of local upload and download paths in check_sftp in Checkmk before 2.3.0p4, 2.2.0p27, 2.1.0p44, and in Checkmk 2.0.0 (EOL) allows attackers with sufficient permissions to configure the check to read and write local files on the Checkmk site server.
CVE-2025-1712
Argument injection in special agent configuration in Checkmk <2.4.0p1, <2.3.0p32,
CVE-2022-46302
Broad access controls could allow site users to directly interact with the system Apache installation when providing the reverse proxy configurations for Tribe29's Checkmk <= 2.1.0p6, Checkmk
CVE-2024-38863
Exposure of CSRF tokens in query parameters on specific requests in Checkmk GmbH's Checkmk versions <2.3.0p18, <2.2.0p35 and
CVE-2025-1075
Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p27,
CVE-2025-3506
Files to be deployed with agents are accessible without authentication in Checkmk 2.1.0, Checkmk 2.2.0, Checkmk 2.3.0 and
CVE-2023-22359
User enumeration in Checkmk
CVE-2024-28828
Cross-Site request forgery in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, and
CVE-2024-38865
Improper neutralization of livestatus command delimiters in a specific endpoint within RestAPI of Checkmk prior to 2.2.0p39, 2.3.0p25, and 2.1.0p51 (EOL) allows arbitrary livestatus command execution. Exploitation requires the attacker to have a contact group assigned to their user account and for ...
CVE-2023-6156
Improper neutralization of livestatus command delimiters in the availability timeline in Checkmk <= 2.0.0p39, < 2.1.0p37, and
CVE-2024-6542
Improper neutralization of livestatus command delimiters in mknotifyd in Checkmk <= 2.0.0p39, < 2.1.0p47, < 2.2.0p32 and
CVE-2022-48319
Sensitive host secret disclosed in cmk-update-agent.log file in Tribe29's Checkmk <= 2.1.0p13, Checkmk
CVE-2022-48321
Limited Server-Side Request Forgery (SSRF) in agent-receiver in Tribe29's Checkmk
CVE-2022-48318
No authorisation controls in the RestAPI documentation for Tribe29's Checkmk <= 2.1.0p13 and Checkmk
CVE-2023-31208
Improper neutralization of livestatus command delimiters in the RestAPI in Checkmk < 2.0.0p36, < 2.1.0p28, and
CVE-2022-48320
Cross-site Request Forgery (CSRF) in Tribe29's Checkmk <= 2.1.0p17, Checkmk
CVE-2023-22348
Improper Authorization in RestAPI in Checkmk GmbH's Checkmk versions <2.1.0p28 and
CVE-2023-6735
Privilege escalation in mk_tsm agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges
CVE-2025-32917
Privilege escalation in jar_signature agent plugin in Checkmk versions <2.4.0b7 (beta), <2.3.0p32,
CVE-2022-48317
Expired sessions were not securely terminated in the RestAPI for Tribe29's Checkmk <= 2.1.0p10 and Checkmk
CVE-2023-6740
Privilege escalation in jar_signature agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges
CVE-2023-23548
Reflected XSS in business intelligence in Checkmk <2.2.0p8, <2.1.0p32, <2.0.0p38,
CVE-2023-2020
Insufficient permission checks in the REST API in Tribe29 Checkmk <= 2.1.0p27 and
CVE-2023-1768
Inappropriate error handling in Tribe29 Checkmk <= 2.1.0p25, <= 2.0.0p34,
CVE-2025-32918
Improper neutralization of Livestatus command delimiters in autocomplete endpoint within the RestAPI of Checkmk versions <2.4.0p6, <2.3.0p35,