Vulnerabilities > Tribe29

DATE CVE VULNERABILITY TITLE RISK
2023-04-18 CVE-2023-22307 Exposure of Resource to Wrong Sphere vulnerability in Tribe29 Checkmk Appliance Firmware
Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance before 1.6.4 allows local attacker to retrieve passwords via reading log files.
local
low complexity
tribe29 CWE-668
5.5
2023-04-04 CVE-2023-1768 Inappropriate error handling in Tribe29 Checkmk <= 2.1.0p25, <= 2.0.0p34, <= 2.2.0b3 (beta), and all versions of Checkmk 1.6.0 causes the symmetric encryption of agent data to fail silently and transmit the data in plaintext in certain configurations.
network
low complexity
tribe29 checkmk
5.3
2023-03-20 CVE-2023-22288 Cross-site Scripting vulnerability in multiple products
HTML Email Injection in Tribe29 Checkmk <=2.1.0p23; <=2.0.0p34, and all versions of Checkmk 1.6.0 allows an authenticated attacker to inject malicious HTML into Emails
network
low complexity
tribe29 checkmk CWE-79
5.4
2023-01-26 CVE-2023-0284 Improper Input Validation vulnerability in multiple products
Improper Input Validation of LDAP user IDs in Tribe29 Checkmk allows attackers that can control LDAP user IDs to manipulate files on the server.
network
low complexity
tribe29 checkmk CWE-20
8.1
2022-06-17 CVE-2022-33912 Incorrect Default Permissions vulnerability in multiple products
A permission issue affects users that deployed the shipped version of the Checkmk Debian package.
local
low complexity
tribe29 checkmk CWE-276
7.8
2022-05-20 CVE-2022-31258 Link Following vulnerability in multiple products
In Checkmk before 1.6.0p29, 2.x before 2.0.0p25, and 2.1.x before 2.1.0b10, a site user can escalate to root by editing an OMD hook symlink.
local
low complexity
tribe29 checkmk CWE-59
6.7
2022-03-25 CVE-2021-40905 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
The web management console of CheckMK Enterprise Edition (versions 1.5.0 to 2.0.0p9) does not properly sanitise the uploading of ".mkp" files, which are Extension Packages, making remote code execution possible.
network
low complexity
tribe29 checkmk CWE-434
8.8
2022-03-25 CVE-2021-40906 Cross-site Scripting vulnerability in multiple products
CheckMK Raw Edition software (versions 1.5.0 to 1.6.0) does not sanitise the input of a web service parameter that is in an unauthenticated zone.
network
low complexity
tribe29 checkmk CWE-79
6.1