Lucene search
K
Tribe29Checkmk

14 matches found

CVE
CVE
added 2022/03/25 10:20 p.m.114 views

CVE-2021-40906

Affected software: CheckMK Raw Edition (versions 1.5.0 to 1.6.0). Vulnerability type / root cause: Reflected XSS due to input not being sanitised in a web service parameter located in an unauthenticated zone. Impact (as described): attacker can inject HTML/JavaScript, potentially opening a backdo...

6.1CVSS5.8AI score0.00974EPSS
CVE
CVE
added 2022/03/25 10:20 p.m.108 views

CVE-2021-40905

The CVE-2021-40905 issue affects Checkmk Enterprise Edition where the web management console does not properly sanitize uploads of ".mkp" Extension Packages, enabling remote code execution. OpenVAS details list Checkmk versions 1.5.x through 2.0.0p17 as vulnerable; the NVD entry covers 1.5.0–2.0....

8.8CVSS7.8AI score0.02812EPSS
CVE
CVE
added 2022/06/17 6:47 a.m.83 views

CVE-2022-33912

The CVE-2022-33912 entry describes a local privilege escalation in Checkmk when using the shipped Debian package. The vulnerability arises because maintainer scripts under /var/lib/dpkg/info/ are owned by a user/group with ID 1001, allowing an attacker (with shell access) to modify these files, w...

7.8CVSS7.7AI score0.00201EPSS
CVE
CVE
added 2022/05/20 10:2 p.m.71 views

CVE-2022-31258

CVE-2022-31258 affects Checkmk prior to 1.6.0p29, 2.x prior to 2.0.0p25, and 2.1.x prior to 2.1.0b10. The issue allows a site user to escalate to root by editing an OMD hook symlink. Affected component is the Checkmk install (OMD hook handling). Root-cause is improper handling of the OMD hook sym...

8.2CVSS6.5AI score0.00389EPSS
CVE
CVE
added 2024/01/12 7:49 a.m.68 views

CVE-2023-31211

Summary of CVE-2023-31211 (Checkmk) : The issue is an insufficient authentication flow in Checkmk versions before 2.2.0p18, 2.1.0p38 and 2.0.0p39 that allows an attacker to use locked credentials, potentially enabling unauthorized access or impact on security controls. The root cause is authentic...

8.8CVSS6.6AI score0.00507EPSS
CVE
CVE
added 2023/03/20 3:33 p.m.66 views

CVE-2023-22288

CVE-2023-22288 corresponds to an HTML Email Injection in Tribe29 CheckMK, affecting CheckMK versions <=2.1.0p23;

5.4CVSS4.8AI score0.00399EPSS
CVE
CVE
added 2023/08/10 8:14 a.m.62 views

CVE-2023-31209

CVE-2023-31209 affects Checkmk before patch versions: 2.1.0p32, 2.0.0p38, and 2.2.0p4. Improper neutralization of active check command arguments enables arbitrary command execution for authenticated users. CVSS shows network access, low privileges, and high impact across confidentiality, integrit...

8.8CVSS8.8AI score0.0102EPSS
CVE
CVE
added 2023/01/24 12:3 p.m.52 views

CVE-2023-0284

CVE-2023-0284 affects Checkmk with improper input validation of LDAP user IDs. Affected: Checkmk <= 2.1.0p19, Checkmk

8.1CVSS7.3AI score0.00921EPSS
CVE
CVE
added 2023/04/04 6:30 a.m.48 views

CVE-2023-1768

CVE-2023-1768: In Checkmk, inappropriate error handling in Tribe29 components causes symmetric encryption of agent data to fail silently, leading to plaintext transmission in certain configurations. Affected are Checkmk versions <= 2.1.0p25, <= 2.0.0p34,

5.3CVSS4.7AI score0.00913EPSS
CVE
CVE
added 2023/05/17 3:51 p.m.47 views

CVE-2023-22348

CVE-2023-22348 affects Checkmk with improper authorization in the REST API. Versions prior to 2.1.0p28 and prior to 2.2.0b8 allow remote authenticated users to read arbitrary host_configs due to insufficient access checks. Impact is limited to confidentiality (read of host_configs); no integrity/...

4.3CVSS4.4AI score0.00587EPSS
CVE
CVE
added 2023/05/17 8:24 a.m.47 views

CVE-2023-31208

CVE-2023-31208 affects Checkmk via improper neutralization of livestatus command delimiters in the RestAPI, allowing arbitrary livestatus command execution for authorized users. Affected are Checkmk versions prior to 2.0.0p36, 2.1.0p28, and 2.2.0b8 (beta). The connected Red Hat/OSV/Nessus entries...

8.8CVSS8.8AI score0.00974EPSS
CVE
CVE
added 2024/01/12 7:50 a.m.47 views

CVE-2023-6735

CVE-2023-6735 affects the Checkmk mk_tsm agent plugin. A local user can escalate privileges in affected releases. Vulnerable versions are Checkmk before 2.2.0p18, before 2.1.0p38, and before 2.0.0p39. The issue is a local privilege escalation; exploitation status is not detailed in the provided d...

8.8CVSS7.8AI score0.00276EPSS
CVE
CVE
added 2024/01/12 7:50 a.m.47 views

CVE-2023-6740

CVE-2023-6740 affects Checkmk via a privilege escalation in the jar_signature agent plugin. The vulnerability allows a local user to escalate privileges in Checkmk installations using vulnerable plugin versions. Affected products/versions are Checkmk before 2.2.0p18, before 2.1.0p38, and before 2...

8.8CVSS7.8AI score0.0018EPSS
CVE
CVE
added 2023/04/18 6:59 p.m.43 views

CVE-2023-22294

CVE-2023-22294 affects Tribe29 Checkmk Appliance prior to 1.6.4. The root cause is incorrectly set permissions that allow authenticated site users to escalate privileges (high impact: confidentiality, integrity, and availability). Affected product: Checkmk Appliance (Tribe29) prior to version 1.6...

8.8CVSS8.9AI score0.00678EPSS