Vulnerabilities > Checkmk > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-09-02 CVE-2024-38858 Cross-site Scripting vulnerability in Checkmk
Improper neutralization of input in Checkmk before version 2.3.0p14 allows attackers to inject and run malicious scripts in the Robotmk logs view.
network
low complexity
checkmk CWE-79
6.1
2024-07-22 CVE-2024-6542 Unspecified vulnerability in Checkmk 2.0.0/2.1.0/2.2.0
Improper neutralization of livestatus command delimiters in mknotifyd in Checkmk <= 2.0.0p39, < 2.1.0p47, < 2.2.0p32 and < 2.3.0p11 allows arbitrary livestatus command execution.
network
low complexity
checkmk
6.5
2024-07-08 CVE-2024-6163 Authentication Bypass by Spoofing vulnerability in Checkmk
Certain http endpoints of Checkmk in Checkmk < 2.3.0p10 < 2.2.0p31, < 2.1.0p46, <= 2.0.0p39 allows remote attacker to bypass authentication and access data
network
low complexity
checkmk CWE-290
5.3
2024-07-03 CVE-2024-6052 Cross-site Scripting vulnerability in Checkmk
Stored XSS in Checkmk before versions 2.3.0p8, 2.2.0p29, 2.1.0p45, and 2.0.0 (EOL) allows users to execute arbitrary scripts by injecting HTML elements
network
low complexity
checkmk CWE-79
5.4
2024-06-17 CVE-2024-5741 Cross-site Scripting vulnerability in Checkmk
Stored XSS in inventory tree rendering in Checkmk before 2.3.0p7, 2.2.0p28, 2.1.0p45 and 2.0.0 (EOL)
network
low complexity
checkmk CWE-79
5.4
2024-01-12 CVE-2023-31211 Always-Incorrect Control Flow Implementation vulnerability in multiple products
Insufficient authentication flow in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows attacker to use locked credentials
network
low complexity
tribe29 checkmk CWE-670
6.5
2023-08-01 CVE-2023-23548 Cross-site Scripting vulnerability in Checkmk
Reflected XSS in business intelligence in Checkmk <2.2.0p8, <2.1.0p32, <2.0.0p38, <=1.6.0p30.
network
low complexity
checkmk CWE-79
6.1
2023-06-26 CVE-2023-22359 Unspecified vulnerability in Checkmk 2.2.0
User enumeration in Checkmk <=2.2.0p4 allows an authenticated attacker to enumerate usernames.
network
low complexity
checkmk
4.3
2023-05-17 CVE-2023-22348 Improper Authorization in RestAPI in Checkmk GmbH's Checkmk versions <2.1.0p28 and <2.2.0b8 allows remote authenticated users to read arbitrary host_configs.
network
low complexity
tribe29 checkmk
4.3
2023-05-02 CVE-2023-31207 Information Exposure Through Log Files vulnerability in Checkmk 2.0.0/2.1.0
Transmission of credentials within query parameters in Checkmk <= 2.1.0p26, <= 2.0.0p35, and <= 2.2.0b6 (beta) may cause the automation user's secret to be written to the site Apache access log.
local
low complexity
checkmk CWE-532
5.5