Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tribe29 checkmk 2.0.0 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2022-46303
Command injection in SMS notifications in Tribe29 Checkmk <= 2.1.0p10, Checkmk <= 2.0.0p27, and Checkmk <= 1.6.0p29 allows an attacker with User Management permissions, as well as LDAP administrators in certain scenarios, to perform arbitrary commands within the context ...
Tribe29 Checkmk 2.1.0
Tribe29 Checkmk 2.0.0
Tribe29 Checkmk 1.6.0
7.8
CVSSv3
CVE-2022-43440
Uncontrolled Search Path Element in Checkmk Agent in Tribe29 Checkmk prior to 2.1.0p1, prior to 2.0.0p25 and prior to 1.6.0p29 on a Checkmk server allows the site user to escalate privileges via a manipulated unixcat executable
Tribe29 Checkmk 1.6.0
Tribe29 Checkmk
Tribe29 Checkmk 2.0.0
Tribe29 Checkmk 2.1.0
8.1
CVSSv3
CVE-2023-0284
Improper Input Validation of LDAP user IDs in Tribe29 Checkmk allows attackers that can control LDAP user IDs to manipulate files on the server. Checkmk <= 2.1.0p19, Checkmk <= 2.0.0p32, and all versions of Checkmk 1.6.0 (EOL) are affected.
Tribe29 Checkmk 2.0.0
Tribe29 Checkmk 2.1.0
Tribe29 Checkmk
4.9
CVSSv3
CVE-2022-4884
Path-Traversal in MKP storing in Tribe29 Checkmk <=2.0.0p32 and <= 2.1.0p18 allows an administrator to write mkp files to arbitrary locations via a malicious mkp file.
Tribe29 Checkmk 2.0.0
Tribe29 Checkmk 2.1.0
7.8
CVSSv3
CVE-2022-33912
A permission issue affects users that deployed the shipped version of the Checkmk Debian package. Packages created by the agent bakery (enterprise editions only) were not affected. Using the shipped version of the agents, the maintainer scripts located at /var/lib/dpkg/info/ will...
Tribe29 Checkmk 1.6.0
Tribe29 Checkmk 2.0.0
Tribe29 Checkmk 1.6.0b10
Tribe29 Checkmk 1.6.0b11
Tribe29 Checkmk 2.1.0
Tribe29 Checkmk 2.2.0
6.7
CVSSv3
CVE-2022-31258
In Checkmk prior to 1.6.0p29, 2.x prior to 2.0.0p25, and 2.1.x prior to 2.1.0b10, a site user can escalate to root by editing an OMD hook symlink.
Tribe29 Checkmk 1.6.0
Tribe29 Checkmk 2.0.0
Tribe29 Checkmk
Tribe29 Checkmk 2.1.0
Tribe29 Checkmk 1.6.0b10
Tribe29 Checkmk 1.6.0b11
Tribe29 Checkmk 1.6.0p10
Tribe29 Checkmk 1.6.0p17
Tribe29 Checkmk 1.6.0p18
Tribe29 Checkmk 1.6.0p11
Tribe29 Checkmk 1.6.0p12
Tribe29 Checkmk 1.6.0p13
Tribe29 Checkmk 1.6.0p14
Tribe29 Checkmk 1.6.0p15
Tribe29 Checkmk 1.6.0p16
8.8
CVSSv3
CVE-2021-40905
The web management console of CheckMK Enterprise Edition (versions 1.5.0 to 2.0.0p9) does not properly sanitise the uploading of ".mkp" files, which are Extension Packages, making remote code execution possible. Successful exploitation requires access to the web managem...
Tribe29 Checkmk 2.0.0
Tribe29 Checkmk
1 Github repository
5.4
CVSSv3
CVE-2022-24566
In Checkmk <=2.0.0p19 fixed in 2.0.0p20 and Checkmk <=1.6.0p27 fixed in 1.6.0p28, the title of a Predefined condition is not properly escaped when shown as condition, which can result in Cross Site Scripting (XSS).
Tribe29 Checkmk 1.6.0
Tribe29 Checkmk 2.0.0
5.4
CVSSv3
CVE-2022-24565
Checkmk <=2.0.0p19 Fixed in 2.0.0p20 and Checkmk <=1.6.0p27 Fixed in 1.6.0p28 are affected by a Cross Site Scripting (XSS) vulnerability. The Alias of a site was not properly escaped when shown as condition for notifications.
Tribe29 Checkmk 1.6.0
Tribe29 Checkmk 2.0.0
6.1
CVSSv3
CVE-2022-24564
Checkmk <=2.0.0p19 contains a Cross Site Scripting (XSS) vulnerability. While creating or editing a user attribute, the Help Text is subject to HTML injection, which can be triggered for editing a user.
Tribe29 Checkmk 2.0.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3