Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Checkmk
(Tribe29)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 41 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-11-24 | CVE-2023-6251 | Cross-site Request Forgery (CSRF) in Checkmk < 2.2.0p15, < 2.1.0p37, <= 2.0.0p39 allow an authenticated attacker to delete user-messages for individual users. | Checkmk | 3.5 | ||
| 2023-11-15 | CVE-2023-23549 | Improper Input Validation in Checkmk <2.2.0p15, <2.1.0p37, <=2.0.0p39 allows priviledged attackers to cause partial denial of service of the UI via too long hostnames. | Checkmk | 2.7 | ||
| 2023-08-10 | CVE-2023-31209 | Improper neutralization of active check command arguments in Checkmk < 2.1.0p32, < 2.0.0p38, < 2.2.0p4 leads to arbitrary command execution for authenticated users. | Checkmk | 8.8 | ||
| 2023-08-01 | CVE-2023-23548 | Reflected XSS in business intelligence in Checkmk <2.2.0p8, <2.1.0p32, <2.0.0p38, <=1.6.0p30. | Checkmk | 6.1 | ||
| 2023-06-26 | CVE-2023-22359 | User enumeration in Checkmk <=2.2.0p4 allows an authenticated attacker to enumerate usernames. | Checkmk | 4.3 | ||
| 2023-02-20 | CVE-2022-46303 | Command injection in SMS notifications in Tribe29 Checkmk <= 2.1.0p10, Checkmk <= 2.0.0p27, and Checkmk <= 1.6.0p29 allows an attacker with User Management permissions, as well as LDAP administrators in certain scenarios, to perform arbitrary commands within the context of the application's local permissions. | Checkmk | 7.5 | ||
| 2023-05-17 | CVE-2023-31208 | Improper neutralization of livestatus command delimiters in the RestAPI in Checkmk < 2.0.0p36, < 2.1.0p28, and < 2.2.0b8 (beta) allows arbitrary livestatus command execution for authorized users. | Checkmk | 8.8 | ||
| 2023-05-17 | CVE-2023-22348 | Improper Authorization in RestAPI in Checkmk GmbH's Checkmk versions <2.1.0p28 and <2.2.0b8 allows remote authenticated users to read arbitrary host_configs. | Checkmk | 4.3 | ||
| 2023-05-02 | CVE-2023-31207 | Transmission of credentials within query parameters in Checkmk <= 2.1.0p26, <= 2.0.0p35, and <= 2.2.0b6 (beta) may cause the automation user's secret to be written to the site Apache access log. | Checkmk | 5.5 | ||
| 2023-04-20 | CVE-2022-46302 | Broad access controls could allow site users to directly interact with the system Apache installation when providing the reverse proxy configurations for Tribe29's Checkmk <= 2.1.0p6, Checkmk <= 2.0.0p27, and all versions of Checkmk 1.6.0 (EOL) allowing an attacker to perform remote code execution with root privileges on the underlying host. | Checkmk | 8.8 |