Vulnerabilities > Checkmk > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-06-25 | CVE-2024-28832 | Cross-site Scripting vulnerability in Checkmk Stored XSS in the Crash Report page in Checkmk before versions 2.3.0p7, 2.2.0p28, 2.1.0p45, and 2.0.0 (EOL) allows users with permission to change Global Settings to execute arbitrary scripts by injecting HTML elements into the Crash Report URL in the Global Settings. | 4.8 |
2024-06-17 | CVE-2024-5741 | Cross-site Scripting vulnerability in Checkmk Stored XSS in inventory tree rendering in Checkmk before 2.3.0p7, 2.2.0p28, 2.1.0p45 and 2.0.0 (EOL) | 5.4 |
2024-04-16 | CVE-2024-3367 | Argument Injection or Modification vulnerability in Checkmk Argument injection in websphere_mq agent plugin in Checkmk 2.0.0, 2.1.0, <2.2.0p26 and <2.3.0b5 allows local attacker to inject one argument to runmqsc | 5.5 |
2024-04-05 | CVE-2024-2380 | Cross-site Scripting vulnerability in Checkmk 2.3.0 Stored XSS in graph rendering in Checkmk <2.3.0b4. | 5.4 |
2024-03-22 | CVE-2024-0638 | Unspecified vulnerability in Checkmk Least privilege violation in the Checkmk agent plugins mk_oracle, mk_oracle.ps1, and mk_oracle_crs before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows local users to escalate privileges. | 6.7 |
2024-01-12 | CVE-2023-31211 | Always-Incorrect Control Flow Implementation vulnerability in multiple products Insufficient authentication flow in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows attacker to use locked credentials | 6.5 |
2023-08-01 | CVE-2023-23548 | Cross-site Scripting vulnerability in Checkmk Reflected XSS in business intelligence in Checkmk <2.2.0p8, <2.1.0p32, <2.0.0p38, <=1.6.0p30. | 6.1 |
2023-06-26 | CVE-2023-22359 | Unspecified vulnerability in Checkmk 2.2.0 User enumeration in Checkmk <=2.2.0p4 allows an authenticated attacker to enumerate usernames. | 4.3 |
2023-05-17 | CVE-2023-22348 | Improper Authorization in RestAPI in Checkmk GmbH's Checkmk versions <2.1.0p28 and <2.2.0b8 allows remote authenticated users to read arbitrary host_configs. | 4.3 |
2023-05-02 | CVE-2023-31207 | Information Exposure Through Log Files vulnerability in Checkmk 2.0.0/2.1.0 Transmission of credentials within query parameters in Checkmk <= 2.1.0p26, <= 2.0.0p35, and <= 2.2.0b6 (beta) may cause the automation user's secret to be written to the site Apache access log. | 5.5 |