Vulnerabilities > Tribe29

DATE CVE VULNERABILITY TITLE RISK
2024-01-12 CVE-2023-31211 Always-Incorrect Control Flow Implementation vulnerability in multiple products
Insufficient authentication flow in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows attacker to use locked credentials
network
low complexity
tribe29 checkmk CWE-670
6.5
2024-01-12 CVE-2023-6735 Improper Privilege Management vulnerability in multiple products
Privilege escalation in mk_tsm agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges
local
low complexity
tribe29 checkmk CWE-269
7.8
2024-01-12 CVE-2023-6740 Improper Privilege Management vulnerability in multiple products
Privilege escalation in jar_signature agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges
local
low complexity
tribe29 checkmk CWE-269
7.8
2023-11-27 CVE-2023-6287 Information Exposure Through Log Files vulnerability in Tribe29 Checkmk Appliance Firmware
Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance before 1.6.8 allows local attacker to retrieve passwords via reading log files.
local
low complexity
tribe29 CWE-532
5.5
2023-08-10 CVE-2023-31209 Injection vulnerability in multiple products
Improper neutralization of active check command arguments in Checkmk < 2.1.0p32, < 2.0.0p38, < 2.2.0p4 leads to arbitrary command execution for authenticated users.
network
low complexity
tribe29 checkmk CWE-74
8.8
2023-05-17 CVE-2023-22348 Improper Authorization in RestAPI in Checkmk GmbH's Checkmk versions <2.1.0p28 and <2.2.0b8 allows remote authenticated users to read arbitrary host_configs.
network
low complexity
tribe29 checkmk
4.3
2023-05-17 CVE-2023-31208 Command Injection vulnerability in multiple products
Improper neutralization of livestatus command delimiters in the RestAPI in Checkmk < 2.0.0p36, < 2.1.0p28, and < 2.2.0b8 (beta) allows arbitrary livestatus command execution for authorized users.
network
low complexity
tribe29 checkmk CWE-77
8.8
2023-05-15 CVE-2023-22318 Improper Locking vulnerability in Tribe29 Checkmk Appliance Firmware
Denial of service in Webconf in Tribe29 Checkmk Appliance before 1.6.5.
network
low complexity
tribe29 CWE-667
7.5
2023-04-20 CVE-2023-22309 Cross-site Scripting vulnerability in Tribe29 Checkmk Appliance Firmware
Reflective Cross-Site-Scripting in Webconf in Tribe29 Checkmk Appliance before 1.6.4.
network
low complexity
tribe29 CWE-79
6.1
2023-04-18 CVE-2023-22294 Incorrect Permission Assignment for Critical Resource vulnerability in Tribe29 Checkmk
Privilege escalation in Tribe29 Checkmk Appliance before 1.6.4 allows authenticated site users to escalate privileges via incorrectly set permissions.
network
low complexity
tribe29 CWE-732
8.8