Vulnerabilities > Checkmk > Checkmk > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-11-29 | CVE-2024-47094 | Information Exposure Through Log Files vulnerability in Checkmk 2.1.0/2.2.0/2.3.0 Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p22, <2.2.0p37, <2.1.0p50 (EOL) causes remote site secrets to be written to web log files accessible to local site users. | 5.5 |
2024-10-14 | CVE-2024-38862 | Information Exposure Through Log Files vulnerability in Checkmk 2.1.0/2.2.0 Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p18, <2.2.0p35, <2.1.0p48 and <=2.0.0p39 (EOL) causes SNMP and IMPI secrets of host and folder properties to be written to audit log files accessible to administrators. | 4.4 |
2024-09-17 | CVE-2024-38860 | Cross-site Scripting vulnerability in Checkmk 2.2.0/2.3.0 Improper neutralization of input in Checkmk before versions 2.3.0p16 and 2.2.0p34 allows attackers to craft malicious links that can facilitate phishing attacks. | 6.1 |
2024-09-02 | CVE-2024-38858 | Cross-site Scripting vulnerability in Checkmk Improper neutralization of input in Checkmk before version 2.3.0p14 allows attackers to inject and run malicious scripts in the Robotmk logs view. | 6.1 |
2024-08-26 | CVE-2024-38859 | Cross-site Scripting vulnerability in Checkmk 2.1.0/2.2.0/2.3.0 XSS in the view page with the SLA column configured in Checkmk versions prior to 2.3.0p14, 2.2.0p33, 2.1.0p47 and 2.0.0 (EOL) allowed malicious users to execute arbitrary scripts by injecting HTML elements into the SLA column title. | 6.1 |
2024-07-22 | CVE-2024-6542 | Unspecified vulnerability in Checkmk 2.0.0/2.1.0/2.2.0 Improper neutralization of livestatus command delimiters in mknotifyd in Checkmk <= 2.0.0p39, < 2.1.0p47, < 2.2.0p32 and < 2.3.0p11 allows arbitrary livestatus command execution. | 6.5 |
2024-07-08 | CVE-2024-6163 | Authentication Bypass by Spoofing vulnerability in Checkmk Certain http endpoints of Checkmk in Checkmk < 2.3.0p10 < 2.2.0p31, < 2.1.0p46, <= 2.0.0p39 allows remote attacker to bypass authentication and access data | 5.3 |
2024-07-03 | CVE-2024-6052 | Cross-site Scripting vulnerability in Checkmk Stored XSS in Checkmk before versions 2.3.0p8, 2.2.0p29, 2.1.0p45, and 2.0.0 (EOL) allows users to execute arbitrary scripts by injecting HTML elements | 5.4 |
2024-07-02 | CVE-2024-38857 | Cross-site Scripting vulnerability in Checkmk Improper neutralization of input in Checkmk before versions 2.3.0p8, 2.2.0p28, 2.1.0p45, and 2.0.0 (EOL) allows attackers to craft malicious links that can facilitate phishing attacks. | 6.1 |
2024-06-25 | CVE-2024-28831 | Cross-site Scripting vulnerability in Checkmk Stored XSS in some confirmation pop-ups in Checkmk before versions 2.3.0p7 and 2.2.0p28 allows Checkmk users to execute arbitrary scripts by injecting HTML elements into some user input fields that are shown in a confirmation pop-up. | 5.4 |