Vulnerabilities > Tribe29
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-17 | CVE-2023-22348 | Unspecified vulnerability in Tribe29 Checkmk Improper Authorization in RestAPI in Checkmk GmbH's Checkmk versions <2.1.0p28 and <2.2.0b8 allows remote authenticated users to read arbitrary host_configs. | 4.3 |
| 2023-05-17 | CVE-2023-31208 | Command Injection vulnerability in Tribe29 Checkmk Improper neutralization of livestatus command delimiters in the RestAPI in Checkmk < 2.0.0p36, < 2.1.0p28, and < 2.2.0b8 (beta) allows arbitrary livestatus command execution for authorized users. | 8.8 |
| 2023-05-15 | CVE-2023-22318 | Improper Locking vulnerability in Tribe29 Checkmk Appliance Firmware Denial of service in Webconf in Tribe29 Checkmk Appliance before 1.6.5. | 7.5 |
| 2023-05-02 | CVE-2023-31207 | Information Exposure Through Log Files vulnerability in Tribe29 Checkmk 2.0.0/2.1.0 Transmission of credentials within query parameters in Checkmk <= 2.1.0p26, <= 2.0.0p35, and <= 2.2.0b6 (beta) may cause the automation user's secret to be written to the site Apache access log. | 5.5 |
| 2023-04-20 | CVE-2022-46302 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Tribe29 Checkmk 1.6.0/2.0.0 Broad access controls could allow site users to directly interact with the system Apache installation when providing the reverse proxy configurations for Tribe29's Checkmk <= 2.1.0p6, Checkmk <= 2.0.0p27, and all versions of Checkmk 1.6.0 (EOL) allowing an attacker to perform remote code execution with root privileges on the underlying host. | 8.8 |
| 2023-04-20 | CVE-2023-22309 | Cross-site Scripting vulnerability in Tribe29 Checkmk Appliance Firmware Reflective Cross-Site-Scripting in Webconf in Tribe29 Checkmk Appliance before 1.6.4. | 6.1 |
| 2023-04-18 | CVE-2023-22294 | Incorrect Permission Assignment for Critical Resource vulnerability in Tribe29 Checkmk Privilege escalation in Tribe29 Checkmk Appliance before 1.6.4 allows authenticated site users to escalate privileges via incorrectly set permissions. | 8.8 |
| 2023-04-18 | CVE-2023-22307 | Exposure of Resource to Wrong Sphere vulnerability in Tribe29 Checkmk Appliance Firmware Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance before 1.6.4 allows local attacker to retrieve passwords via reading log files. | 5.5 |
| 2023-04-18 | CVE-2023-2020 | Incorrect Authorization vulnerability in Tribe29 Checkmk 2.1.0/2.2.0 Insufficient permission checks in the REST API in Tribe29 Checkmk <= 2.1.0p27 and <= 2.2.0b4 (beta) allow unauthorized users to schedule downtimes for any host. | 4.3 |
| 2023-03-20 | CVE-2023-22288 | Cross-site Scripting vulnerability in Tribe29 Checkmk HTML Email Injection in Tribe29 Checkmk <=2.1.0p23; <=2.0.0p34, and all versions of Checkmk 1.6.0 allows an authenticated attacker to inject malicious HTML into Emails | 5.4 |