Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
checkmk checkmk vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-48317
Expired sessions were not securely terminated in the RestAPI for Tribe29's Checkmk <= 2.1.0p10 and Checkmk <= 2.0.0p28 allowing an malicious user to use expired session tokens when communicating with the RestAPI.
Tribe29 Checkmk 2.1.0
Tribe29 Checkmk 2.0.0
NA
CVE-2022-48318
No authorisation controls in the RestAPI documentation for Tribe29's Checkmk <= 2.1.0p13 and Checkmk <= 2.0.0p29 which may lead to unintended information disclosure through automatically generated user specific tags within Rest API documentation.
Tribe29 Checkmk 2.1.0
Tribe29 Checkmk 2.0.0
312
VMScore
CVE-2022-24566
In Checkmk <=2.0.0p19 fixed in 2.0.0p20 and Checkmk <=1.6.0p27 fixed in 1.6.0p28, the title of a Predefined condition is not properly escaped when shown as condition, which can result in Cross Site Scripting (XSS).
Tribe29 Checkmk 1.6.0
Tribe29 Checkmk 2.0.0
312
VMScore
CVE-2022-24565
Checkmk <=2.0.0p19 Fixed in 2.0.0p20 and Checkmk <=1.6.0p27 Fixed in 1.6.0p28 are affected by a Cross Site Scripting (XSS) vulnerability. The Alias of a site was not properly escaped when shown as condition for notifications.
Tribe29 Checkmk 1.6.0
Tribe29 Checkmk 2.0.0
NA
CVE-2023-2020
Insufficient permission checks in the REST API in Tribe29 Checkmk <= 2.1.0p27 and <= 2.2.0b4 (beta) allow unauthorized users to schedule downtimes for any host.
Tribe29 Checkmk 2.1.0
Tribe29 Checkmk 2.2.0
NA
CVE-2023-22294
Privilege escalation in Tribe29 Checkmk Appliance prior to 1.6.4 allows authenticated site users to escalate privileges via incorrectly set permissions.
Tribe29 Checkmk
605
VMScore
CVE-2021-40904
The web management console of CheckMK Raw Edition (versions 1.5.0 to 1.6.0) allows a misconfiguration of the web-app Dokuwiki (installed by default), which allows embedded php code. As a result, remote code execution is achieved. Successful exploitation requires access to the web...
Tribe29 Checkmk
1 Github repository
NA
CVE-2023-22359
User enumeration in Checkmk <=2.2.0p4 allows an authenticated malicious user to enumerate usernames.
Tribe29 Checkmk 2.2.0
NA
CVE-2023-31210
Usage of user controlled LD_LIBRARY_PATH in agent in Checkmk 2.2.0p10 up to 2.2.0p16 allows malicious Checkmk site user to escalate rights via injection of malicious libraries
Tribe29 Checkmk 2.2.0
383
VMScore
CVE-2022-24564
Checkmk <=2.0.0p19 contains a Cross Site Scripting (XSS) vulnerability. While creating or editing a user attribute, the Help Text is subject to HTML injection, which can be triggered for editing a user.
Tribe29 Checkmk 2.0.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »