Vulnerabilities > Tribe29
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-18 | CVE-2023-22307 | Exposure of Resource to Wrong Sphere vulnerability in Tribe29 Checkmk Appliance Firmware Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance before 1.6.4 allows local attacker to retrieve passwords via reading log files. | 5.5 |
| 2023-04-04 | CVE-2023-1768 | Inappropriate error handling in Tribe29 Checkmk <= 2.1.0p25, <= 2.0.0p34, <= 2.2.0b3 (beta), and all versions of Checkmk 1.6.0 causes the symmetric encryption of agent data to fail silently and transmit the data in plaintext in certain configurations. | 5.3 |
| 2023-03-20 | CVE-2023-22288 | Cross-site Scripting vulnerability in multiple products HTML Email Injection in Tribe29 Checkmk <=2.1.0p23; <=2.0.0p34, and all versions of Checkmk 1.6.0 allows an authenticated attacker to inject malicious HTML into Emails | 5.4 |
| 2023-01-26 | CVE-2023-0284 | Improper Input Validation vulnerability in multiple products Improper Input Validation of LDAP user IDs in Tribe29 Checkmk allows attackers that can control LDAP user IDs to manipulate files on the server. | 8.1 |
| 2022-06-17 | CVE-2022-33912 | Incorrect Default Permissions vulnerability in multiple products A permission issue affects users that deployed the shipped version of the Checkmk Debian package. | 7.8 |
| 2022-05-20 | CVE-2022-31258 | Link Following vulnerability in multiple products In Checkmk before 1.6.0p29, 2.x before 2.0.0p25, and 2.1.x before 2.1.0b10, a site user can escalate to root by editing an OMD hook symlink. | 6.7 |
| 2022-03-25 | CVE-2021-40905 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products The web management console of CheckMK Enterprise Edition (versions 1.5.0 to 2.0.0p9) does not properly sanitise the uploading of ".mkp" files, which are Extension Packages, making remote code execution possible. | 8.8 |
| 2022-03-25 | CVE-2021-40906 | Cross-site Scripting vulnerability in multiple products CheckMK Raw Edition software (versions 1.5.0 to 1.6.0) does not sanitise the input of a web service parameter that is in an unauthenticated zone. | 6.1 |