Vulnerabilities > Checkmk

DATE CVE VULNERABILITY TITLE RISK
2024-10-10 CVE-2024-6747 Information Exposure vulnerability in Checkmk 2.1.0/2.2.0
Information leakage in mknotifyd in Checkmk before 2.3.0p18, 2.2.0p36, 2.1.0p49 and in 2.0.0p39 (EOL) allows attacker to get potentially sensitive data
network
low complexity
checkmk CWE-200
7.5
2024-09-23 CVE-2024-8606 Incorrect Authorization vulnerability in Checkmk 2.2.0/2.3.0
Bypass of two factor authentication in RestAPI in Checkmk < 2.3.0p16 and < 2.2.0p34 allows authenticated users to bypass two factor authentication
network
low complexity
checkmk CWE-863
8.8
2024-09-02 CVE-2024-38858 Cross-site Scripting vulnerability in Checkmk
Improper neutralization of input in Checkmk before version 2.3.0p14 allows attackers to inject and run malicious scripts in the Robotmk logs view.
network
low complexity
checkmk CWE-79
6.1
2024-07-22 CVE-2024-6542 Unspecified vulnerability in Checkmk 2.0.0/2.1.0/2.2.0
Improper neutralization of livestatus command delimiters in mknotifyd in Checkmk <= 2.0.0p39, < 2.1.0p47, < 2.2.0p32 and < 2.3.0p11 allows arbitrary livestatus command execution.
network
low complexity
checkmk
6.5
2024-07-10 CVE-2024-28828 Cross-Site Request Forgery (CSRF) vulnerability in Checkmk 2.0.0/2.1.0/2.2.0
Cross-Site request forgery in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, and <= 2.0.0p39 (EOL) could lead to 1-click compromize of the site.
network
low complexity
checkmk CWE-352
8.8
2024-07-08 CVE-2024-6163 Authentication Bypass by Spoofing vulnerability in Checkmk
Certain http endpoints of Checkmk in Checkmk < 2.3.0p10 < 2.2.0p31, < 2.1.0p46, <= 2.0.0p39 allows remote attacker to bypass authentication and access data
network
low complexity
checkmk CWE-290
5.3
2024-07-03 CVE-2024-6052 Cross-site Scripting vulnerability in Checkmk
Stored XSS in Checkmk before versions 2.3.0p8, 2.2.0p29, 2.1.0p45, and 2.0.0 (EOL) allows users to execute arbitrary scripts by injecting HTML elements
network
low complexity
checkmk CWE-79
5.4
2024-06-17 CVE-2024-5741 Cross-site Scripting vulnerability in Checkmk
Stored XSS in inventory tree rendering in Checkmk before 2.3.0p7, 2.2.0p28, 2.1.0p45 and 2.0.0 (EOL)
network
low complexity
checkmk CWE-79
5.4
2024-06-10 CVE-2024-28833 Improper Restriction of Excessive Authentication Attempts vulnerability in Checkmk 2.3.0
Improper restriction of excessive authentication attempts with two factor authentication methods in Checkmk 2.3 before 2.3.0p6 facilitates brute-forcing of second factor mechanisms.
network
low complexity
checkmk CWE-307
7.5
2024-01-12 CVE-2023-31211 Always-Incorrect Control Flow Implementation vulnerability in multiple products
Insufficient authentication flow in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows attacker to use locked credentials
network
low complexity
tribe29 checkmk CWE-670
6.5