Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Checkmk
(Checkmk)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 69 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-05-02 | CVE-2023-31207 | Transmission of credentials within query parameters in Checkmk <= 2.1.0p26, <= 2.0.0p35, and <= 2.2.0b6 (beta) may cause the automation user's secret to be written to the site Apache access log. | Checkmk | 5.5 | ||
| 2024-09-17 | CVE-2024-38860 | Improper neutralization of input in Checkmk before versions 2.3.0p16 and 2.2.0p34 allows attackers to craft malicious links that can facilitate phishing attacks. | Checkmk | 6.1 | ||
| 2024-03-11 | CVE-2024-0670 | Privilege escalation in windows agent plugin in Checkmk before 2.2.0p23, 2.1.0p40 and 2.0.0 (EOL) allows local user to escalate privileges | Checkmk | 7.8 | ||
| 2024-04-24 | CVE-2024-28825 | Improper restriction of excessive authentication attempts on some authentication methods in Checkmk before 2.3.0b5 (beta), 2.2.0p26, 2.1.0p43, and in Checkmk 2.0.0 (EOL) facilitates password brute-forcing. | Checkmk | 9.8 | ||
| 2024-04-16 | CVE-2024-3367 | Argument injection in websphere_mq agent plugin in Checkmk 2.0.0, 2.1.0, <2.2.0p26 and <2.3.0b5 allows local attacker to inject one argument to runmqsc | Checkmk | 5.5 | ||
| 2024-04-05 | CVE-2024-2380 | Stored XSS in graph rendering in Checkmk <2.3.0b4. | Checkmk | 5.4 | ||
| 2024-03-22 | CVE-2024-0638 | Least privilege violation in the Checkmk agent plugins mk_oracle, mk_oracle.ps1, and mk_oracle_crs before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows local users to escalate privileges. | Checkmk | 6.7 | ||
| 2024-03-22 | CVE-2024-28824 | Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows local users to escalate privileges. | Checkmk | 7.8 | ||
| 2024-03-22 | CVE-2024-1742 | Invocation of the sqlplus command with sensitive information in the command line in the mk_oracle Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows the extraction of this information from the process list. | Checkmk | 3.3 | ||
| 2024-05-29 | CVE-2024-28826 | Improper restriction of local upload and download paths in check_sftp in Checkmk before 2.3.0p4, 2.2.0p27, 2.1.0p44, and in Checkmk 2.0.0 (EOL) allows attackers with sufficient permissions to configure the check to read and write local files on the Checkmk site server. | Checkmk | 8.1 |