Vulnerabilities > Checkmk > Checkmk > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-06-26 | CVE-2024-28830 | Information Exposure Through Log Files vulnerability in Checkmk Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p7, <2.2.0p28, <2.1.0p45 and <=2.0.0p39 (EOL) causes automation user secrets to be written to audit log files accessible to administrators. | 2.7 |
2024-03-22 | CVE-2024-1742 | Unspecified vulnerability in Checkmk Invocation of the sqlplus command with sensitive information in the command line in the mk_oracle Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows the extraction of this information from the process list. | 3.3 |
2023-11-24 | CVE-2023-6251 | Cross-Site Request Forgery (CSRF) vulnerability in Checkmk 2.0.0/2.1.0/2.2.0 Cross-site Request Forgery (CSRF) in Checkmk < 2.2.0p15, < 2.1.0p37, <= 2.0.0p39 allow an authenticated attacker to delete user-messages for individual users. | 3.5 |
2023-11-15 | CVE-2023-23549 | Unspecified vulnerability in Checkmk 2.0.0/2.1.0/2.2.0 Improper Input Validation in Checkmk <2.2.0p15, <2.1.0p37, <=2.0.0p39 allows priviledged attackers to cause partial denial of service of the UI via too long hostnames. | 2.7 |
2023-02-20 | CVE-2022-48321 | Server-Side Request Forgery (SSRF) vulnerability in Checkmk 2.1.0 Limited Server-Side Request Forgery (SSRF) in agent-receiver in Tribe29's Checkmk <= 2.1.0p11 allows an attacker to communicate with local network restricted endpoints by use of the host registration API. | 3.3 |