14 matches found
CVE-2022-24566
In Checkmk <=2.0.0p19 fixed in 2.0.0p20 and Checkmk
CVE-2022-24565
Checkmk <=2.0.0p19 Fixed in 2.0.0p20 and Checkmk
CVE-2017-14955
Check_MK before 1.2.8p26 mishandles certain errors within the failed-login save feature because of a race condition, which allows remote attackers to obtain sensitive user information by reading a GUI crash report.
CVE-2020-28919
A stored cross-site scripting (XSS) vulnerability in Checkmk 1.6.0x prior to 1.6.0p19 allows an authenticated remote attacker to inject arbitrary JavaScript via a javascript: URL in a view title.
CVE-2021-36563
The CheckMK management web console (versions 1.5.0 to 2.0.0) does not sanitise user input in various parameters of the WATO module. This allows an attacker to open a backdoor on the device with HTML content that is interpreted by the browser (such as JavaScript or other client-side scripts), the XSS pa...
CVE-2023-22288
HTML Email Injection in Tribe29 Checkmk <=2.1.0p23;
CVE-2024-2380
Stored XSS in graph rendering in Checkmk
CVE-2024-38862
Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p18, <2.2.0p35, <2.1.0p48 and
CVE-2024-28831
Stored XSS in some confirmation pop-ups in Checkmk before versions 2.3.0p7 and 2.2.0p28 allows Checkmk users to execute arbitrary scripts by injecting HTML elements into some user input fields that are shown in a confirmation pop-up.
CVE-2024-47094
Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p22, <2.2.0p37,
CVE-2023-31207
Transmission of credentials within query parameters in Checkmk <= 2.1.0p26, <= 2.0.0p35, and
CVE-2022-48318
No authorisation controls in the RestAPI documentation for Tribe29's Checkmk <= 2.1.0p13 and Checkmk
CVE-2022-48320
Cross-site Request Forgery (CSRF) in Tribe29's Checkmk <= 2.1.0p17, Checkmk
CVE-2023-1768
Inappropriate error handling in Tribe29 Checkmk <= 2.1.0p25, <= 2.0.0p34,