Vulnerabilities > Checkmk > Checkmk > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-04-18 CVE-2023-2020 Incorrect Authorization vulnerability in Checkmk 2.1.0/2.2.0
Insufficient permission checks in the REST API in Tribe29 Checkmk <= 2.1.0p27 and <= 2.2.0b4 (beta) allow unauthorized users to schedule downtimes for any host.
network
low complexity
checkmk CWE-863
4.3
2023-04-04 CVE-2023-1768 Inappropriate error handling in Tribe29 Checkmk <= 2.1.0p25, <= 2.0.0p34, <= 2.2.0b3 (beta), and all versions of Checkmk 1.6.0 causes the symmetric encryption of agent data to fail silently and transmit the data in plaintext in certain configurations.
network
low complexity
tribe29 checkmk
5.3
2023-03-20 CVE-2023-22288 Cross-site Scripting vulnerability in multiple products
HTML Email Injection in Tribe29 Checkmk <=2.1.0p23; <=2.0.0p34, and all versions of Checkmk 1.6.0 allows an authenticated attacker to inject malicious HTML into Emails
network
low complexity
tribe29 checkmk CWE-79
5.4
2023-02-20 CVE-2022-48318 Missing Authorization vulnerability in Checkmk 2.0.0/2.1.0
No authorisation controls in the RestAPI documentation for Tribe29's Checkmk <= 2.1.0p13 and Checkmk <= 2.0.0p29 which may lead to unintended information disclosure through automatically generated user specific tags within Rest API documentation.
network
low complexity
checkmk CWE-862
5.3
2023-02-20 CVE-2022-48319 Information Exposure Through Log Files vulnerability in Checkmk 2.0.0/2.1.0
Sensitive host secret disclosed in cmk-update-agent.log file in Tribe29's Checkmk <= 2.1.0p13, Checkmk <= 2.0.0p29, and all versions of Checkmk 1.6.0 (EOL) allows an attacker to gain access to the host secret through the unprotected agent updater log file.
local
low complexity
checkmk CWE-532
5.5
2023-02-20 CVE-2022-48320 Cross-Site Request Forgery (CSRF) vulnerability in Checkmk 2.0.0/2.1.0
Cross-site Request Forgery (CSRF) in Tribe29's Checkmk <= 2.1.0p17, Checkmk <= 2.0.0p31, and all versions of Checkmk 1.6.0 (EOL) allow an attacker to add new visual elements to multiple pages.
network
low complexity
checkmk CWE-352
4.3
2023-01-09 CVE-2022-4884 Path Traversal vulnerability in Checkmk 2.0.0/2.1.0
Path-Traversal in MKP storing in Tribe29 Checkmk <=2.0.0p32 and <= 2.1.0p18 allows an administrator to write mkp files to arbitrary locations via a malicious mkp file.
network
low complexity
checkmk CWE-22
4.9
2022-05-20 CVE-2022-31258 Link Following vulnerability in multiple products
In Checkmk before 1.6.0p29, 2.x before 2.0.0p25, and 2.1.x before 2.1.0b10, a site user can escalate to root by editing an OMD hook symlink.
local
low complexity
tribe29 checkmk CWE-59
6.7
2022-03-25 CVE-2021-40906 Cross-site Scripting vulnerability in multiple products
CheckMK Raw Edition software (versions 1.5.0 to 1.6.0) does not sanitise the input of a web service parameter that is in an unauthenticated zone.
network
low complexity
tribe29 checkmk CWE-79
6.1
2022-02-24 CVE-2022-24565 Cross-site Scripting vulnerability in Checkmk 1.6.0/2.0.0
Checkmk <=2.0.0p19 Fixed in 2.0.0p20 and Checkmk <=1.6.0p27 Fixed in 1.6.0p28 are affected by a Cross Site Scripting (XSS) vulnerability.
network
low complexity
checkmk CWE-79
5.4