Checkmk Security Vulnerabilities and Issues — Checkmk CVE List

Lucene search

Tribe29Checkmk

14 matches found

CVE•added 2022/03/25 11:15 p.m.•97 views

CVE-2021-40906

CheckMK Raw Edition software (versions 1.5.0 to 1.6.0) does not sanitise the input of a web service parameter that is in an unauthenticated zone. This Reflected XSS allows an attacker to open a backdoor on the device with HTML content and interpreted by the browser (such as JavaScript or other clie...

6.1CVSS5.8AI score0.00887EPSS

Web

CVE•added 2022/03/25 11:15 p.m.•85 views

CVE-2021-40905

The web management console of CheckMK Enterprise Edition (versions 1.5.0 to 2.0.0p9) does not properly sanitise the uploading of ".mkp" files, which are Extension Packages, making remote code execution possible. Successful exploitation requires access to the web management interface, either with va...

8.8CVSS8.9AI score0.0345EPSS

Web

CVE•added 2022/06/17 1:15 p.m.•67 views

CVE-2022-33912

A permission issue affects users that deployed the shipped version of the Checkmk Debian package. Packages created by the agent bakery (enterprise editions only) were not affected. Using the shipped version of the agents, the maintainer scripts located at /var/lib/dpkg/info/ will be owned by the us...

7.8CVSS7.7AI score0.00029EPSS

CVE•added 2022/05/20 11:15 p.m.•57 views

CVE-2022-31258

In Checkmk before 1.6.0p29, 2.x before 2.0.0p25, and 2.1.x before 2.1.0b10, a site user can escalate to root by editing an OMD hook symlink.

8.2CVSS6.5AI score0.00044EPSS

CVE•added 2023/03/20 4:15 p.m.•49 views

CVE-2023-22288

HTML Email Injection in Tribe29 Checkmk <=2.1.0p23;

5.4CVSS4.8AI score0.00512EPSS

CVE•added 2024/01/12 8:15 a.m.•48 views

CVE-2023-31211

Insufficient authentication flow in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows attacker to use locked credentials

8.8CVSS6.6AI score0.00122EPSS

CVE•added 2023/08/10 9:15 a.m.•42 views

CVE-2023-31209

Improper neutralization of active check command arguments in Checkmk < 2.1.0p32, < 2.0.0p38,

8.8CVSS8.8AI score0.0056EPSS

CVE•added 2023/01/26 9:18 p.m.•38 views

CVE-2023-0284

Improper Input Validation of LDAP user IDs in Tribe29 Checkmk allows attackers that can control LDAP user IDs to manipulate files on the server. Checkmk <= 2.1.0p19, Checkmk

8.1CVSS7.3AI score0.00453EPSS

CVE•added 2023/05/17 9:15 a.m.•31 views

CVE-2023-31208

Improper neutralization of livestatus command delimiters in the RestAPI in Checkmk < 2.0.0p36, < 2.1.0p28, and

8.8CVSS8.8AI score0.00513EPSS

CVE•added 2023/04/18 7:15 p.m.•30 views

CVE-2023-22294

Privilege escalation in Tribe29 Checkmk Appliance before 1.6.4 allows authenticated site users to escalate privileges via incorrectly set permissions.

8.8CVSS8.9AI score0.00172EPSS

CVE•added 2023/05/17 4:15 p.m.•30 views

CVE-2023-22348

Improper Authorization in RestAPI in Checkmk GmbH's Checkmk versions <2.1.0p28 and

4.3CVSS4.4AI score0.00153EPSS

CVE•added 2024/01/12 8:15 a.m.•30 views

CVE-2023-6735

Privilege escalation in mk_tsm agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges

8.8CVSS7.8AI score0.00067EPSS

CVE•added 2024/01/12 8:15 a.m.•29 views

CVE-2023-6740

Privilege escalation in jar_signature agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges