Summary

Detail
Vendor:           tribe29
Product:          Checkmk
Version:          2.2.0
Update:           p12
Edition:          *
Language:         *
Software Edition: *
Target Software:  *
Target Hardware:  *
Other:            *
Type:             Application
First view:       2023-11-15
Last view:        2024-01-12

CPE Product: cpe:2.3:a:tribe29:checkmk

Related : CVE

Score  Date        CVE
7.8    2024-01-12  CVE-2023-6740
       Privilege escalation in the jar_signature agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows a local user to escalate privileges.

7.8    2024-01-12  CVE-2023-6735
       Privilege escalation in the mk_tsm agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows a local user to escalate privileges.

6.5    2024-01-12  CVE-2023-31211
       Insufficient authentication flow in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows an attacker to use locked credentials.

7.8    2023-12-13  CVE-2023-31210
       Usage of a user-controlled LD_LIBRARY_PATH in the agent in Checkmk 2.2.0p10 up to 2.2.0p16 allows a malicious Checkmk site user to escalate rights via injection of malicious libraries.

3.5    2023-11-24  CVE-2023-6251
       Cross-site Request Forgery (CSRF) in Checkmk < 2.2.0p15, < 2.1.0p37, <= 2.0.0p39 allows an authenticated attacker to delete user messages for individual users.

8.8    2023-11-22  CVE-2023-6157
       Improper neutralization of livestatus command delimiters in ajax_search in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15 allows arbitrary livestatus command execution for authorized users.

8.8    2023-11-22  CVE-2023-6156
       Improper neutralization of livestatus command delimiters in the availability timeline in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15 allows arbitrary livestatus command execution for authorized users.

2.7    2023-11-15  CVE-2023-23549
       Improper input validation in Checkmk < 2.2.0p15, < 2.1.0p37, <= 2.0.0p39 allows privileged attackers to cause a partial denial of service of the UI via too long hostnames.

CWE : Common Weakness Enumeration

%     Count  CWE      Name
40%   2      CWE-269  Improper Privilege Management
20%   1      CWE-670  Always-Incorrect Control Flow Implementation
20%   1      CWE-427  Uncontrolled Search Path Element
20%   1      CWE-352  Cross-Site Request Forgery (CSRF)