Vulnerabilities > Tribe29 > Checkmk > 1.6.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-12 | CVE-2023-31211 | Always-Incorrect Control Flow Implementation vulnerability in Tribe29 Checkmk Insufficient authentication flow in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows attacker to use locked credentials | 6.5 |
| 2024-01-12 | CVE-2023-6735 | Improper Privilege Management vulnerability in Tribe29 Checkmk Privilege escalation in mk_tsm agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges | 7.8 |
| 2024-01-12 | CVE-2023-6740 | Improper Privilege Management vulnerability in Tribe29 Checkmk Privilege escalation in jar_signature agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges | 7.8 |
| 2023-08-10 | CVE-2023-31209 | Injection vulnerability in Tribe29 Checkmk Improper neutralization of active check command arguments in Checkmk < 2.1.0p32, < 2.0.0p38, < 2.2.0p4 leads to arbitrary command execution for authenticated users. | 8.8 |
| 2023-08-01 | CVE-2023-23548 | Cross-site Scripting vulnerability in Tribe29 Checkmk Reflected XSS in business intelligence in Checkmk <2.2.0p8, <2.1.0p32, <2.0.0p38, <=1.6.0p30. | 6.1 |
| 2023-05-17 | CVE-2023-22348 | Unspecified vulnerability in Tribe29 Checkmk Improper Authorization in RestAPI in Checkmk GmbH's Checkmk versions <2.1.0p28 and <2.2.0b8 allows remote authenticated users to read arbitrary host_configs. | 4.3 |
| 2023-05-17 | CVE-2023-31208 | Command Injection vulnerability in Tribe29 Checkmk Improper neutralization of livestatus command delimiters in the RestAPI in Checkmk < 2.0.0p36, < 2.1.0p28, and < 2.2.0b8 (beta) allows arbitrary livestatus command execution for authorized users. | 8.8 |
| 2023-04-20 | CVE-2022-46302 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Tribe29 Checkmk 1.6.0/2.0.0 Broad access controls could allow site users to directly interact with the system Apache installation when providing the reverse proxy configurations for Tribe29's Checkmk <= 2.1.0p6, Checkmk <= 2.0.0p27, and all versions of Checkmk 1.6.0 (EOL) allowing an attacker to perform remote code execution with root privileges on the underlying host. | 8.8 |
| 2023-04-18 | CVE-2023-22294 | Incorrect Permission Assignment for Critical Resource vulnerability in Tribe29 Checkmk Privilege escalation in Tribe29 Checkmk Appliance before 1.6.4 allows authenticated site users to escalate privileges via incorrectly set permissions. | 8.8 |
| 2023-03-20 | CVE-2023-22288 | Cross-site Scripting vulnerability in Tribe29 Checkmk HTML Email Injection in Tribe29 Checkmk <=2.1.0p23; <=2.0.0p34, and all versions of Checkmk 1.6.0 allows an authenticated attacker to inject malicious HTML into Emails | 5.4 |