Search CVE reports
1 – 10 of 75 results
CVE-2024-8606
Medium priorityBypass of two factor authentication in RestAPI in Checkmk < 2.3.0p16 and < 2.2.0p34 allows authenticated users to bypass two factor authentication
1 affected packages
check-mk
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
check-mk | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
CVE-2024-38859
Medium priorityXSS in the view page with the SLA column configured in Checkmk versions prior to 2.3.0p14, 2.2.0p33, 2.1.0p47 and 2.0.0 (EOL) allowed malicious users to execute arbitrary scripts by injecting HTML elements into the SLA column...
1 affected packages
check-mk
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
check-mk | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
CVE-2024-28829
Medium priorityLeast privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2.3.0p12, 2.2.0p32, 2.1.0p47 and 2.0.0 (EOL) allows local users to escalate privileges.
1 affected packages
check-mk
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
check-mk | Not in release | Not in release | Not in release | Not affected | Not affected |
CVE-2024-28828
Medium priorityCross-Site request forgery in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, and <= 2.0.0p39 (EOL) could lead to 1-click compromize of the site.
1 affected packages
check-mk
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
check-mk | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
CVE-2024-28827
Medium priorityIncorrect permissions on the Checkmk Windows Agent's data directory in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, and <= 2.0.0p39 (EOL) allows a local attacker to gain SYSTEM privileges.
1 affected packages
check-mk
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
check-mk | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
CVE-2024-6163
Medium priorityCertain http endpoints of Checkmk in Checkmk < 2.3.0p10 < 2.2.0p31, < 2.1.0p46, <= 2.0.0p39 allows remote attacker to bypass authentication and access data
1 affected packages
check-mk
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
check-mk | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
CVE-2024-6052
Medium priorityStored XSS in Checkmk before versions 2.3.0p8, 2.2.0p29, 2.1.0p45, and 2.0.0 (EOL) allows users to execute arbitrary scripts by injecting HTML elements
1 affected packages
check-mk
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
check-mk | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
CVE-2024-38857
Medium priorityImproper neutralization of input in Checkmk before versions 2.3.0p8, 2.2.0p28, 2.1.0p45, and 2.0.0 (EOL) allows attackers to craft malicious links that can facilitate phishing attacks.
1 affected packages
check-mk
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
check-mk | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
CVE-2024-28830
Low priorityInsertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p7, <2.2.0p28, <2.1.0p45 and <=2.0.0p39 (EOL) causes automation user secrets to be written to audit log files accessible to administrators.
1 affected packages
check-mk
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
check-mk | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
CVE-2024-28832
Medium priorityStored XSS in the Crash Report page in Checkmk before versions 2.3.0p7, 2.2.0p28, 2.1.0p45, and 2.0.0 (EOL) allows users with permission to change Global Settings to execute arbitrary scripts by injecting HTML elements into the...
1 affected packages
check-mk
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
check-mk | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |