Vulnerabilities > Tribe29 > Checkmk > 1.2.8
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-12 | CVE-2023-31211 | Always-Incorrect Control Flow Implementation vulnerability in multiple products Insufficient authentication flow in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows attacker to use locked credentials | 6.5 |
| 2024-01-12 | CVE-2023-6735 | Improper Privilege Management vulnerability in multiple products Privilege escalation in mk_tsm agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges | 7.8 |
| 2024-01-12 | CVE-2023-6740 | Improper Privilege Management vulnerability in multiple products Privilege escalation in jar_signature agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges | 7.8 |
| 2023-08-10 | CVE-2023-31209 | Injection vulnerability in multiple products Improper neutralization of active check command arguments in Checkmk < 2.1.0p32, < 2.0.0p38, < 2.2.0p4 leads to arbitrary command execution for authenticated users. | 8.8 |
| 2023-05-17 | CVE-2023-22348 | Improper Authorization in RestAPI in Checkmk GmbH's Checkmk versions <2.1.0p28 and <2.2.0b8 allows remote authenticated users to read arbitrary host_configs. | 4.3 |
| 2023-05-17 | CVE-2023-31208 | Command Injection vulnerability in multiple products Improper neutralization of livestatus command delimiters in the RestAPI in Checkmk < 2.0.0p36, < 2.1.0p28, and < 2.2.0b8 (beta) allows arbitrary livestatus command execution for authorized users. | 8.8 |
| 2023-04-18 | CVE-2023-22294 | Incorrect Permission Assignment for Critical Resource vulnerability in Tribe29 Checkmk Privilege escalation in Tribe29 Checkmk Appliance before 1.6.4 allows authenticated site users to escalate privileges via incorrectly set permissions. | 8.8 |