Vulmon
tribe29 checkmk vulnerabilities and exploits
NA
CVE-2022-48317
Expired sessions were not securely terminated in the RestAPI for Tribe29's Checkmk <= 2.1.0p10 and Checkmk <= 2.0.0p28, allowing a malicious user to use expired session tokens when communicating with the RestAPI.
Tribe29 Checkmk 2.1.0
Tribe29 Checkmk 2.0.0
NA
CVE-2022-4884
Path-Traversal in MKP storing in Tribe29 Checkmk <=2.0.0p32 and <= 2.1.0p18 allows an administrator to write mkp files to arbitrary locations via a malicious mkp file.
Tribe29 Checkmk 2.0.0
Tribe29 Checkmk 2.1.0
3.5
CVSSv2
CVE-2022-24566
In Checkmk <=2.0.0p19 fixed in 2.0.0p20 and Checkmk <=1.6.0p27 fixed in 1.6.0p28, the title of a Predefined condition is not properly escaped when shown as condition, which can result in Cross Site Scripting (XSS).
Tribe29 Checkmk 1.6.0
Tribe29 Checkmk 2.0.0
NA
CVE-2022-48318
No authorisation controls in the RestAPI documentation for Tribe29's Checkmk <= 2.1.0p13 and Checkmk <= 2.0.0p29 which may lead to unintended information disclosure through automatically generated user specific tags within Rest API documentation.
Tribe29 Checkmk 2.1.0
Tribe29 Checkmk 2.0.0
6.8
CVSSv2
CVE-2021-40904
The web management console of CheckMK Raw Edition (versions 1.5.0 to 1.6.0) allows a misconfiguration of the web-app Dokuwiki (installed by default), which allows embedded php code. As a result, remote code execution is achieved. Successful exploitation requires access to the web...
Tribe29 Checkmk
1 Github repository
NA
CVE-2023-22294
Privilege escalation in Tribe29 Checkmk Appliance prior to 1.6.4 allows authenticated site users to escalate privileges via incorrectly set permissions.
Tribe29 Checkmk
3.5
CVSSv2
CVE-2020-28919
A stored cross site scripting (XSS) vulnerability in Checkmk 1.6.0x before 1.6.0p19 allows an authenticated remote malicious user to inject arbitrary JavaScript via a javascript: URL in a view title.
Tribe29 Checkmk 1.6.0
NA
CVE-2023-31210
Usage of user-controlled LD_LIBRARY_PATH in agent in Checkmk 2.2.0p10 up to 2.2.0p16 allows a malicious Checkmk site user to escalate rights via injection of malicious libraries.
Tribe29 Checkmk 2.2.0
4.3
CVSSv2
CVE-2022-24564
Checkmk <=2.0.0p19 contains a Cross Site Scripting (XSS) vulnerability. While creating or editing a user attribute, the Help Text is subject to HTML injection, which can be triggered for editing a user.
Tribe29 Checkmk 2.0.0
NA
CVE-2022-48321
Limited Server-Side Request Forgery (SSRF) in agent-receiver in Tribe29's Checkmk <= 2.1.0p11 allows a malicious user to communicate with local network restricted endpoints by use of the host registration API.
Tribe29 Checkmk 2.1.0
2 Github repositories