Vulnerabilities > Checkmk > Checkmk
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-10 | CVE-2024-6747 | Information Exposure vulnerability in Checkmk 2.1.0/2.2.0 Information leakage in mknotifyd in Checkmk before 2.3.0p18, 2.2.0p36, 2.1.0p49 and in 2.0.0p39 (EOL) allows attacker to get potentially sensitive data | 7.5 |
| 2024-09-23 | CVE-2024-8606 | Incorrect Authorization vulnerability in Checkmk 2.2.0/2.3.0 Bypass of two factor authentication in RestAPI in Checkmk < 2.3.0p16 and < 2.2.0p34 allows authenticated users to bypass two factor authentication | 8.8 |
| 2024-09-02 | CVE-2024-38858 | Cross-site Scripting vulnerability in Checkmk Improper neutralization of input in Checkmk before version 2.3.0p14 allows attackers to inject and run malicious scripts in the Robotmk logs view. | 6.1 |
| 2024-07-22 | CVE-2024-6542 | Unspecified vulnerability in Checkmk 2.0.0/2.1.0/2.2.0 Improper neutralization of livestatus command delimiters in mknotifyd in Checkmk <= 2.0.0p39, < 2.1.0p47, < 2.2.0p32 and < 2.3.0p11 allows arbitrary livestatus command execution. | 6.5 |
| 2024-07-10 | CVE-2024-28828 | Cross-Site Request Forgery (CSRF) vulnerability in Checkmk 2.0.0/2.1.0/2.2.0 Cross-Site request forgery in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, and <= 2.0.0p39 (EOL) could lead to 1-click compromize of the site. | 8.8 |
| 2024-07-08 | CVE-2024-6163 | Authentication Bypass by Spoofing vulnerability in Checkmk Certain http endpoints of Checkmk in Checkmk < 2.3.0p10 < 2.2.0p31, < 2.1.0p46, <= 2.0.0p39 allows remote attacker to bypass authentication and access data | 5.3 |
| 2024-07-03 | CVE-2024-6052 | Cross-site Scripting vulnerability in Checkmk Stored XSS in Checkmk before versions 2.3.0p8, 2.2.0p29, 2.1.0p45, and 2.0.0 (EOL) allows users to execute arbitrary scripts by injecting HTML elements | 5.4 |
| 2024-06-17 | CVE-2024-5741 | Cross-site Scripting vulnerability in Checkmk Stored XSS in inventory tree rendering in Checkmk before 2.3.0p7, 2.2.0p28, 2.1.0p45 and 2.0.0 (EOL) | 5.4 |
| 2024-06-10 | CVE-2024-28833 | Improper Restriction of Excessive Authentication Attempts vulnerability in Checkmk 2.3.0 Improper restriction of excessive authentication attempts with two factor authentication methods in Checkmk 2.3 before 2.3.0p6 facilitates brute-forcing of second factor mechanisms. | 7.5 |
| 2024-01-12 | CVE-2023-31211 | Always-Incorrect Control Flow Implementation vulnerability in multiple products Insufficient authentication flow in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows attacker to use locked credentials | 6.5 |