Vulnerabilities > Checkmk > High

DATE CVE VULNERABILITY TITLE RISK
2024-10-14 CVE-2024-38863 Unspecified vulnerability in Checkmk 2.1.0/2.2.0
Exposure of CSRF tokens in query parameters on specific requests in Checkmk GmbH's Checkmk versions <2.3.0p18, <2.2.0p35 and <2.1.0p48 could lead to a leak of the token to facilitate targeted phishing attacks.
network
low complexity
checkmk
7.5
2024-10-10 CVE-2024-6747 Information Exposure vulnerability in Checkmk 2.1.0/2.2.0
Information leakage in mknotifyd in Checkmk before 2.3.0p18, 2.2.0p36, 2.1.0p49 and in 2.0.0p39 (EOL) allows attacker to get potentially sensitive data
network
low complexity
checkmk CWE-200
7.5
2024-09-23 CVE-2024-8606 Incorrect Authorization vulnerability in Checkmk 2.2.0/2.3.0
Bypass of two factor authentication in RestAPI in Checkmk < 2.3.0p16 and < 2.2.0p34 allows authenticated users to bypass two factor authentication
network
low complexity
checkmk CWE-863
8.8
2024-08-20 CVE-2024-28829 Unspecified vulnerability in Checkmk 2.1.0/2.2.0/2.3.0
Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2.3.0p12, 2.2.0p32, 2.1.0p47 and 2.0.0 (EOL) allows local users to escalate privileges.
local
low complexity
checkmk
7.8
2024-07-10 CVE-2024-28827 Incorrect Permission Assignment for Critical Resource vulnerability in Checkmk
Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, and <= 2.0.0p39 (EOL) allows a local attacker to gain SYSTEM privileges.
local
low complexity
checkmk CWE-732
7.8
2024-07-10 CVE-2024-28828 Cross-Site Request Forgery (CSRF) vulnerability in Checkmk 2.0.0/2.1.0
Cross-Site request forgery in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, and <= 2.0.0p39 (EOL) could lead to 1-click compromize of the site.
network
low complexity
checkmk CWE-352
8.8
2024-06-10 CVE-2024-28833 Improper Restriction of Excessive Authentication Attempts vulnerability in Checkmk 2.3.0
Improper restriction of excessive authentication attempts with two factor authentication methods in Checkmk 2.3 before 2.3.0p6 facilitates brute-forcing of second factor mechanisms.
network
low complexity
checkmk CWE-307
7.5
2024-05-29 CVE-2024-28826 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Checkmk
Improper restriction of local upload and download paths in check_sftp in Checkmk before 2.3.0p4, 2.2.0p27, 2.1.0p44, and in Checkmk 2.0.0 (EOL) allows attackers with sufficient permissions to configure the check to read and write local files on the Checkmk site server.
network
low complexity
checkmk CWE-610
8.1
2024-03-22 CVE-2024-28824 Unspecified vulnerability in Checkmk
Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows local users to escalate privileges.
local
low complexity
checkmk
7.8
2024-03-11 CVE-2024-0670 Uncontrolled Search Path Element vulnerability in Checkmk 2.0.0/2.1.0
Privilege escalation in windows agent plugin in Checkmk before 2.2.0p23, 2.1.0p40 and 2.0.0 (EOL) allows local user to escalate privileges
local
low complexity
checkmk CWE-427
7.8