Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
checkmk checkmk vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-48317
Expired sessions were not securely terminated in the RestAPI for Tribe29's Checkmk <= 2.1.0p10 and Checkmk <= 2.0.0p28 allowing an malicious user to use expired session tokens when communicating with the RestAPI.
Tribe29 Checkmk 2.1.0
Tribe29 Checkmk 2.0.0
4.9
CVSSv3
CVE-2022-4884
Path-Traversal in MKP storing in Tribe29 Checkmk <=2.0.0p32 and <= 2.1.0p18 allows an administrator to write mkp files to arbitrary locations via a malicious mkp file.
Tribe29 Checkmk 2.0.0
Tribe29 Checkmk 2.1.0
5.4
CVSSv3
CVE-2022-24566
In Checkmk <=2.0.0p19 fixed in 2.0.0p20 and Checkmk <=1.6.0p27 fixed in 1.6.0p28, the title of a Predefined condition is not properly escaped when shown as condition, which can result in Cross Site Scripting (XSS).
Tribe29 Checkmk 1.6.0
Tribe29 Checkmk 2.0.0
5.4
CVSSv3
CVE-2022-24565
Checkmk <=2.0.0p19 Fixed in 2.0.0p20 and Checkmk <=1.6.0p27 Fixed in 1.6.0p28 are affected by a Cross Site Scripting (XSS) vulnerability. The Alias of a site was not properly escaped when shown as condition for notifications.
Tribe29 Checkmk 1.6.0
Tribe29 Checkmk 2.0.0
5.3
CVSSv3
CVE-2022-48318
No authorisation controls in the RestAPI documentation for Tribe29's Checkmk <= 2.1.0p13 and Checkmk <= 2.0.0p29 which may lead to unintended information disclosure through automatically generated user specific tags within Rest API documentation.
Tribe29 Checkmk 2.1.0
Tribe29 Checkmk 2.0.0
8.8
CVSSv3
CVE-2023-22294
Privilege escalation in Tribe29 Checkmk Appliance prior to 1.6.4 allows authenticated site users to escalate privileges via incorrectly set permissions.
Tribe29 Checkmk
8.8
CVSSv3
CVE-2021-40904
The web management console of CheckMK Raw Edition (versions 1.5.0 to 1.6.0) allows a misconfiguration of the web-app Dokuwiki (installed by default), which allows embedded php code. As a result, remote code execution is achieved. Successful exploitation requires access to the web...
Tribe29 Checkmk
1 Github repository
7.8
CVSSv3
CVE-2023-31210
Usage of user controlled LD_LIBRARY_PATH in agent in Checkmk 2.2.0p10 up to 2.2.0p16 allows malicious Checkmk site user to escalate rights via injection of malicious libraries
Tribe29 Checkmk 2.2.0
4.3
CVSSv3
CVE-2023-22359
User enumeration in Checkmk <=2.2.0p4 allows an authenticated malicious user to enumerate usernames.
Tribe29 Checkmk 2.2.0
5.4
CVSSv3
CVE-2020-28919
A stored cross site scripting (XSS) vulnerability in Checkmk 1.6.0x before 1.6.0p19 allows an authenticated remote malicious user to inject arbitrary JavaScript via a javascript: URL in a view title.
Tribe29 Checkmk 1.6.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »