Vulnerabilities > Checkmk > High

DATE CVE VULNERABILITY TITLE RISK
2024-10-10 CVE-2024-6747 Information Exposure vulnerability in Checkmk 2.1.0/2.2.0
Information leakage in mknotifyd in Checkmk before 2.3.0p18, 2.2.0p36, 2.1.0p49 and in 2.0.0p39 (EOL) allows attacker to get potentially sensitive data
network
low complexity
checkmk CWE-200
7.5
2024-09-23 CVE-2024-8606 Incorrect Authorization vulnerability in Checkmk 2.2.0/2.3.0
Bypass of two factor authentication in RestAPI in Checkmk < 2.3.0p16 and < 2.2.0p34 allows authenticated users to bypass two factor authentication
network
low complexity
checkmk CWE-863
8.8
2024-07-10 CVE-2024-28828 Cross-Site Request Forgery (CSRF) vulnerability in Checkmk 2.0.0/2.1.0/2.2.0
Cross-Site request forgery in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, and <= 2.0.0p39 (EOL) could lead to 1-click compromize of the site.
network
low complexity
checkmk CWE-352
8.8
2024-06-10 CVE-2024-28833 Improper Restriction of Excessive Authentication Attempts vulnerability in Checkmk 2.3.0
Improper restriction of excessive authentication attempts with two factor authentication methods in Checkmk 2.3 before 2.3.0p6 facilitates brute-forcing of second factor mechanisms.
network
low complexity
checkmk CWE-307
7.5
2024-01-12 CVE-2023-6735 Improper Privilege Management vulnerability in multiple products
Privilege escalation in mk_tsm agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges
local
low complexity
tribe29 checkmk CWE-269
7.8
2024-01-12 CVE-2023-6740 Improper Privilege Management vulnerability in multiple products
Privilege escalation in jar_signature agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges
local
low complexity
tribe29 checkmk CWE-269
7.8
2023-12-13 CVE-2023-31210 Uncontrolled Search Path Element vulnerability in Checkmk 2.2.0
Usage of user controlled LD_LIBRARY_PATH in agent in Checkmk 2.2.0p10 up to 2.2.0p16 allows malicious Checkmk site user to escalate rights via injection of malicious libraries
local
low complexity
checkmk CWE-427
7.8
2023-11-22 CVE-2023-6156 Unspecified vulnerability in Checkmk 2.0.0/2.1.0/2.2.0
Improper neutralization of livestatus command delimiters in the availability timeline in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15 allows arbitrary livestatus command execution for authorized users.
network
low complexity
checkmk
8.8
2023-11-22 CVE-2023-6157 Unspecified vulnerability in Checkmk 2.0.0/2.1.0/2.2.0
Improper neutralization of livestatus command delimiters in ajax_search in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15 allows arbitrary livestatus command execution for authorized users.
network
low complexity
checkmk
8.8
2023-08-10 CVE-2023-31209 Injection vulnerability in multiple products
Improper neutralization of active check command arguments in Checkmk < 2.1.0p32, < 2.0.0p38, < 2.2.0p4 leads to arbitrary command execution for authenticated users.
network
low complexity
tribe29 checkmk CWE-74
8.8