Vulnerabilities > Tribe29 > Checkmk > 2.2.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-26 | CVE-2023-22359 | Unspecified vulnerability in Tribe29 Checkmk 2.2.0 User enumeration in Checkmk <=2.2.0p4 allows an authenticated attacker to enumerate usernames. | 4.3 |
| 2023-05-17 | CVE-2023-22348 | Unspecified vulnerability in Tribe29 Checkmk Improper Authorization in RestAPI in Checkmk GmbH's Checkmk versions <2.1.0p28 and <2.2.0b8 allows remote authenticated users to read arbitrary host_configs. | 4.3 |
| 2023-05-17 | CVE-2023-31208 | Command Injection vulnerability in Tribe29 Checkmk Improper neutralization of livestatus command delimiters in the RestAPI in Checkmk < 2.0.0p36, < 2.1.0p28, and < 2.2.0b8 (beta) allows arbitrary livestatus command execution for authorized users. | 8.8 |
| 2023-05-02 | CVE-2023-31207 | Information Exposure Through Log Files vulnerability in Tribe29 Checkmk 2.0.0/2.1.0 Transmission of credentials within query parameters in Checkmk <= 2.1.0p26, <= 2.0.0p35, and <= 2.2.0b6 (beta) may cause the automation user's secret to be written to the site Apache access log. | 5.5 |
| 2023-04-18 | CVE-2023-2020 | Incorrect Authorization vulnerability in Tribe29 Checkmk 2.1.0/2.2.0 Insufficient permission checks in the REST API in Tribe29 Checkmk <= 2.1.0p27 and <= 2.2.0b4 (beta) allow unauthorized users to schedule downtimes for any host. | 4.3 |
| 2022-06-17 | CVE-2022-33912 | Incorrect Default Permissions vulnerability in Tribe29 Checkmk A permission issue affects users that deployed the shipped version of the Checkmk Debian package. | 7.2 |