Vulnerabilities > Tribe29
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-02-09 | CVE-2022-43440 | Uncontrolled Search Path Element vulnerability in Tribe29 Checkmk Uncontrolled Search Path Element in Checkmk Agent in Tribe29 Checkmk before 2.1.0p1, before 2.0.0p25 and before 1.6.0p29 on a Checkmk server allows the site user to escalate privileges via a manipulated unixcat executable | 7.8 |
2023-01-26 | CVE-2023-0284 | Improper Input Validation vulnerability in Tribe29 Checkmk Improper Input Validation of LDAP user IDs in Tribe29 Checkmk allows attackers that can control LDAP user IDs to manipulate files on the server. | 8.1 |
2023-01-09 | CVE-2022-4884 | Path Traversal vulnerability in Tribe29 Checkmk 2.0.0/2.1.0 Path-Traversal in MKP storing in Tribe29 Checkmk <=2.0.0p32 and <= 2.1.0p18 allows an administrator to write mkp files to arbitrary locations via a malicious mkp file. | 4.9 |
2022-06-17 | CVE-2022-33912 | Incorrect Default Permissions vulnerability in Tribe29 Checkmk A permission issue affects users that deployed the shipped version of the Checkmk Debian package. | 7.2 |
2022-05-20 | CVE-2022-31258 | Link Following vulnerability in Tribe29 Checkmk In Checkmk before 1.6.0p29, 2.x before 2.0.0p25, and 2.1.x before 2.1.0b10, a site user can escalate to root by editing an OMD hook symlink. | 7.2 |
2022-03-25 | CVE-2021-40904 | Incorrect Default Permissions vulnerability in Tribe29 Checkmk 1.5.0 The web management console of CheckMK Raw Edition (versions 1.5.0 to 1.6.0) allows a misconfiguration of the web-app Dokuwiki (installed by default), which allows embedded php code. | 6.8 |
2022-03-25 | CVE-2021-40905 | Unrestricted Upload of File with Dangerous Type vulnerability in Tribe29 Checkmk The web management console of CheckMK Enterprise Edition (versions 1.5.0 to 2.0.0p9) does not properly sanitise the uploading of ".mkp" files, which are Extension Packages, making remote code execution possible. | 8.8 |
2022-03-25 | CVE-2021-40906 | Cross-site Scripting vulnerability in Tribe29 Checkmk CheckMK Raw Edition software (versions 1.5.0 to 1.6.0) does not sanitise the input of a web service parameter that is in an unauthenticated zone. | 4.3 |
2022-02-24 | CVE-2022-24565 | Cross-site Scripting vulnerability in Tribe29 Checkmk 1.6.0/2.0.0 Checkmk <=2.0.0p19 Fixed in 2.0.0p20 and Checkmk <=1.6.0p27 Fixed in 1.6.0p28 are affected by a Cross Site Scripting (XSS) vulnerability. | 3.5 |
2022-02-24 | CVE-2022-24566 | Cross-site Scripting vulnerability in Tribe29 Checkmk 1.6.0/2.0.0 In Checkmk <=2.0.0p19 fixed in 2.0.0p20 and Checkmk <=1.6.0p27 fixed in 1.6.0p28, the title of a Predefined condition is not properly escaped when shown as condition, which can result in Cross Site Scripting (XSS). | 3.5 |