Vulnerabilities > Checkmk > Checkmk > Low

DATE CVE VULNERABILITY TITLE RISK
2024-06-26 CVE-2024-28830 Information Exposure Through Log Files vulnerability in Checkmk
Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p7, <2.2.0p28, <2.1.0p45 and <=2.0.0p39 (EOL) causes automation user secrets to be written to audit log files accessible to administrators.
network
low complexity
checkmk CWE-532
2.7
2024-03-22 CVE-2024-1742 Unspecified vulnerability in Checkmk
Invocation of the sqlplus command with sensitive information in the command line in the mk_oracle Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows the extraction of this information from the process list.
local
low complexity
checkmk
3.3
2023-11-24 CVE-2023-6251 Cross-Site Request Forgery (CSRF) vulnerability in Checkmk 2.0.0/2.1.0/2.2.0
Cross-site Request Forgery (CSRF) in Checkmk < 2.2.0p15, < 2.1.0p37, <= 2.0.0p39 allow an authenticated attacker to delete user-messages for individual users.
network
low complexity
checkmk CWE-352
3.5
2023-11-15 CVE-2023-23549 Unspecified vulnerability in Checkmk 2.0.0/2.1.0/2.2.0
Improper Input Validation in Checkmk <2.2.0p15, <2.1.0p37, <=2.0.0p39 allows priviledged attackers to cause partial denial of service of the UI via too long hostnames.
network
low complexity
checkmk
2.7
2023-02-20 CVE-2022-48321 Server-Side Request Forgery (SSRF) vulnerability in Checkmk 2.1.0
Limited Server-Side Request Forgery (SSRF) in agent-receiver in Tribe29's Checkmk <= 2.1.0p11 allows an attacker to communicate with local network restricted endpoints by use of the host registration API.
local
low complexity
checkmk CWE-918
3.3