Vulnerabilities > Tribe29 > Checkmk
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-20 | CVE-2022-31258 | Link Following vulnerability in Tribe29 Checkmk In Checkmk before 1.6.0p29, 2.x before 2.0.0p25, and 2.1.x before 2.1.0b10, a site user can escalate to root by editing an OMD hook symlink. | 7.2 |
| 2022-03-25 | CVE-2021-40904 | Incorrect Default Permissions vulnerability in Tribe29 Checkmk 1.5.0 The web management console of CheckMK Raw Edition (versions 1.5.0 to 1.6.0) allows a misconfiguration of the web-app Dokuwiki (installed by default), which allows embedded php code. | 6.8 |
| 2022-03-25 | CVE-2021-40905 | Unrestricted Upload of File with Dangerous Type vulnerability in Tribe29 Checkmk The web management console of CheckMK Enterprise Edition (versions 1.5.0 to 2.0.0p9) does not properly sanitise the uploading of ".mkp" files, which are Extension Packages, making remote code execution possible. | 8.8 |
| 2022-03-25 | CVE-2021-40906 | Cross-site Scripting vulnerability in Tribe29 Checkmk CheckMK Raw Edition software (versions 1.5.0 to 1.6.0) does not sanitise the input of a web service parameter that is in an unauthenticated zone. | 4.3 |
| 2022-02-24 | CVE-2022-24565 | Cross-site Scripting vulnerability in Tribe29 Checkmk 1.6.0/2.0.0 Checkmk <=2.0.0p19 Fixed in 2.0.0p20 and Checkmk <=1.6.0p27 Fixed in 1.6.0p28 are affected by a Cross Site Scripting (XSS) vulnerability. | 3.5 |
| 2022-02-24 | CVE-2022-24566 | Cross-site Scripting vulnerability in Tribe29 Checkmk 1.6.0/2.0.0 In Checkmk <=2.0.0p19 fixed in 2.0.0p20 and Checkmk <=1.6.0p27 fixed in 1.6.0p28, the title of a Predefined condition is not properly escaped when shown as condition, which can result in Cross Site Scripting (XSS). | 3.5 |
| 2022-02-21 | CVE-2022-24564 | Cross-site Scripting vulnerability in Tribe29 Checkmk 2.0.0 Checkmk <=2.0.0p19 contains a Cross Site Scripting (XSS) vulnerability. | 4.3 |
| 2022-01-15 | CVE-2020-28919 | Cross-site Scripting vulnerability in Tribe29 Checkmk 1.6.0 A stored cross site scripting (XSS) vulnerability in Checkmk 1.6.0x prior to 1.6.0p19 allows an authenticated remote attacker to inject arbitrary JavaScript via a javascript: URL in a view title. | 3.5 |
| 2021-02-19 | CVE-2020-24908 | Unspecified vulnerability in Tribe29 Checkmk Checkmk before 1.6.0p17 allows local users to obtain SYSTEM privileges via a Trojan horse shell script in the %PROGRAMDATA%\checkmk\agent\local directory. | 7.2 |
| 2017-10-02 | CVE-2017-14955 | Race Condition vulnerability in Tribe29 Checkmk Check_MK before 1.2.8p26 mishandles certain errors within the failed-login save feature because of a race condition, which allows remote attackers to obtain sensitive user information by reading a GUI crash report. | 4.3 |