14 matches found
CVE-2021-40906
Affected software: CheckMK Raw Edition (versions 1.5.0 to 1.6.0). Vulnerability type / root cause: Reflected XSS due to input not being sanitised in a web service parameter located in an unauthenticated zone. Impact (as described): attacker can inject HTML/JavaScript, potentially opening a backdo...
CVE-2021-40905
The CVE-2021-40905 issue affects Checkmk Enterprise Edition where the web management console does not properly sanitize uploads of ".mkp" Extension Packages, enabling remote code execution. OpenVAS details list Checkmk versions 1.5.x through 2.0.0p17 as vulnerable; the NVD entry covers 1.5.0–2.0....
CVE-2022-33912
The CVE-2022-33912 entry describes a local privilege escalation in Checkmk when using the shipped Debian package. The vulnerability arises because maintainer scripts under /var/lib/dpkg/info/ are owned by a user/group with ID 1001, allowing an attacker (with shell access) to modify these files, w...
CVE-2022-31258
CVE-2022-31258 affects Checkmk prior to 1.6.0p29, 2.x prior to 2.0.0p25, and 2.1.x prior to 2.1.0b10. The issue allows a site user to escalate to root by editing an OMD hook symlink. Affected component is the Checkmk install (OMD hook handling). Root-cause is improper handling of the OMD hook sym...
CVE-2023-31211
Summary of CVE-2023-31211 (Checkmk) : The issue is an insufficient authentication flow in Checkmk versions before 2.2.0p18, 2.1.0p38 and 2.0.0p39 that allows an attacker to use locked credentials, potentially enabling unauthorized access or impact on security controls. The root cause is authentic...
CVE-2023-22288
CVE-2023-22288 corresponds to an HTML Email Injection in Tribe29 CheckMK, affecting CheckMK versions <=2.1.0p23;
CVE-2023-31209
CVE-2023-31209 affects Checkmk before patch versions: 2.1.0p32, 2.0.0p38, and 2.2.0p4. Improper neutralization of active check command arguments enables arbitrary command execution for authenticated users. CVSS shows network access, low privileges, and high impact across confidentiality, integrit...
CVE-2023-0284
CVE-2023-0284 affects Checkmk with improper input validation of LDAP user IDs. Affected: Checkmk <= 2.1.0p19, Checkmk
CVE-2023-1768
CVE-2023-1768: In Checkmk, inappropriate error handling in Tribe29 components causes symmetric encryption of agent data to fail silently, leading to plaintext transmission in certain configurations. Affected are Checkmk versions <= 2.1.0p25, <= 2.0.0p34,
CVE-2023-22348
CVE-2023-22348 affects Checkmk with improper authorization in the REST API. Versions prior to 2.1.0p28 and prior to 2.2.0b8 allow remote authenticated users to read arbitrary host_configs due to insufficient access checks. Impact is limited to confidentiality (read of host_configs); no integrity/...
CVE-2023-31208
CVE-2023-31208 affects Checkmk via improper neutralization of livestatus command delimiters in the RestAPI, allowing arbitrary livestatus command execution for authorized users. Affected are Checkmk versions prior to 2.0.0p36, 2.1.0p28, and 2.2.0b8 (beta). The connected Red Hat/OSV/Nessus entries...
CVE-2023-6735
CVE-2023-6735 affects the Checkmk mk_tsm agent plugin. A local user can escalate privileges in affected releases. Vulnerable versions are Checkmk before 2.2.0p18, before 2.1.0p38, and before 2.0.0p39. The issue is a local privilege escalation; exploitation status is not detailed in the provided d...
CVE-2023-6740
CVE-2023-6740 affects Checkmk via a privilege escalation in the jar_signature agent plugin. The vulnerability allows a local user to escalate privileges in Checkmk installations using vulnerable plugin versions. Affected products/versions are Checkmk before 2.2.0p18, before 2.1.0p38, and before 2...
CVE-2023-22294
CVE-2023-22294 affects Tribe29 Checkmk Appliance prior to 1.6.4. The root cause is incorrectly set permissions that allow authenticated site users to escalate privileges (high impact: confidentiality, integrity, and availability). Affected product: Checkmk Appliance (Tribe29) prior to version 1.6...