Vulnerabilities > Tribe29 > Checkmk > 1.6.0b11

DATE CVE VULNERABILITY TITLE RISK
2022-05-20 CVE-2022-31258 Link Following vulnerability in Tribe29 Checkmk
In Checkmk before 1.6.0p29, 2.x before 2.0.0p25, and 2.1.x before 2.1.0b10, a site user can escalate to root by editing an OMD hook symlink.
local
low complexity
tribe29 CWE-59
7.2
2022-03-25 CVE-2021-40905 Unrestricted Upload of File with Dangerous Type vulnerability in Tribe29 Checkmk
The web management console of CheckMK Enterprise Edition (versions 1.5.0 to 2.0.0p9) does not properly sanitise the uploading of ".mkp" files, which are Extension Packages, making remote code execution possible.
network
low complexity
tribe29 CWE-434
8.8
2022-03-25 CVE-2021-40906 Cross-site Scripting vulnerability in Tribe29 Checkmk
CheckMK Raw Edition software (versions 1.5.0 to 1.6.0) does not sanitise the input of a web service parameter that is in an unauthenticated zone.
network
tribe29 CWE-79
4.3