USN-5527-1: Checkmk vulnerabilities
20 July 2022
Several security issues were fixed in Checkmk.
- check-mk - general purpose monitoring plugin for retrieving data
It was discovered that Checkmk incorrectly handled authentication. An attacker
could possibly use this issue to cause a race condition leading to information
It was discovered that Checkmk incorrectly handled certain inputs. An attacker
could use these cross-site scripting issues to inject arbitrary html or
session cookies and valid credentials. (CVE-2017-9781, CVE-2021-36563,
The problem can be corrected by updating your system to the following package versions:
In general, a standard system update will make all the necessary changes.
- USN-5527-2: check-mk-multisite, check-mk-config-nagios3, check-mk, check-mk-doc, check-mk-agent-logwatch, check-mk-agent, check-mk-livestatus, check-mk-server, check-mk-config-icinga