Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
checkmk checkmk vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv3
CVE-2022-48319
Sensitive host secret disclosed in cmk-update-agent.log file in Tribe29's Checkmk <= 2.1.0p13, Checkmk <= 2.0.0p29, and all versions of Checkmk 1.6.0 (EOL) allows an malicious user to gain access to the host secret through the unprotected agent updater log file.
Tribe29 Checkmk 2.1.0
Tribe29 Checkmk 2.0.0
Tribe29 Checkmk 1.6.0
4.3
CVSSv3
CVE-2022-48320
Cross-site Request Forgery (CSRF) in Tribe29's Checkmk <= 2.1.0p17, Checkmk <= 2.0.0p31, and all versions of Checkmk 1.6.0 (EOL) allow an malicious user to add new visual elements to multiple pages.
Tribe29 Checkmk 2.1.0
Tribe29 Checkmk 2.0.0
Tribe29 Checkmk 1.6.0
3.5
CVSSv3
CVE-2023-6251
Cross-site Request Forgery (CSRF) in Checkmk < 2.2.0p15, < 2.1.0p37, <= 2.0.0p39 allow an authenticated malicious user to delete user-messages for individual users.
Tribe29 Checkmk 2.0.0
Tribe29 Checkmk 2.1.0
Tribe29 Checkmk 2.2.0
2.7
CVSSv3
CVE-2023-23549
Improper Input Validation in Checkmk <2.2.0p15, <2.1.0p37, <=2.0.0p39 allows priviledged malicious users to cause partial denial of service of the UI via too long hostnames.
Tribe29 Checkmk 2.0.0
Tribe29 Checkmk 2.1.0
Tribe29 Checkmk 2.2.0
8.8
CVSSv3
CVE-2023-6156
Improper neutralization of livestatus command delimiters in the availability timeline in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15 allows arbitrary livestatus command execution for authorized users.
Tribe29 Checkmk 2.0.0
Tribe29 Checkmk 2.1.0
Tribe29 Checkmk 2.2.0
8.8
CVSSv3
CVE-2023-6157
Improper neutralization of livestatus command delimiters in ajax_search in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15 allows arbitrary livestatus command execution for authorized users.
Tribe29 Checkmk 2.0.0
Tribe29 Checkmk 2.1.0
Tribe29 Checkmk 2.2.0
8.8
CVSSv3
CVE-2022-46836
PHP code injection in watolib auth.php and hosttags.php in Tribe29's Checkmk <= 2.1.0p10, Checkmk <= 2.0.0p27, and Checkmk <= 1.6.0p29 allows an malicious user to inject and execute PHP code which will be executed upon request of the vulnerable component.
Tribe29 Checkmk 2.1.0
Tribe29 Checkmk 2.0.0
Tribe29 Checkmk 1.6.0
2 Github repositories
8.8
CVSSv3
CVE-2021-40905
The web management console of CheckMK Enterprise Edition (versions 1.5.0 to 2.0.0p9) does not properly sanitise the uploading of ".mkp" files, which are Extension Packages, making remote code execution possible. Successful exploitation requires access to the web managem...
Tribe29 Checkmk 2.0.0
Tribe29 Checkmk
1 Github repository
7.8
CVSSv3
CVE-2020-24908
Checkmk prior to 1.6.0p17 allows local users to obtain SYSTEM privileges via a Trojan horse shell script in the %PROGRAMDATA%\checkmk\agent\local directory.
Tribe29 Checkmk
Tribe29 Checkmk 1.6.0
4.3
CVSSv3
CVE-2023-2020
Insufficient permission checks in the REST API in Tribe29 Checkmk <= 2.1.0p27 and <= 2.2.0b4 (beta) allow unauthorized users to schedule downtimes for any host.
Tribe29 Checkmk 2.1.0
Tribe29 Checkmk 2.2.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »