All the vulnerabilites related to Checkmk GmbH - Checkmk
cve-2024-28829
Vulnerability from cvelistv5
Published
2024-08-20 09:29
Modified
2024-08-21 19:37
Severity ?
EPSS score ?
Summary
Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2.3.0p12, 2.2.0p32, 2.1.0p47 and 2.0.0 (EOL) allows local users to escalate privileges.
References
▼ | URL | Tags |
---|---|---|
https://checkmk.com/werk/16249 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Checkmk GmbH | Checkmk |
Version: 2.3.0 ≤ Version: 2.2.0 ≤ Version: 2.1.0 ≤ Version: 2.0.0 ≤ 2.0.0p39 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:checkmk:checkmk:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "checkmk", "vendor": "checkmk", "versions": [ { "lessThan": "2.3.0p12", "status": "affected", "version": "2.3.0", "versionType": "custom" }, { "lessThan": "2.2.0p32", "status": "affected", "version": "2.2.0", "versionType": "custom" }, { "lessThan": "2.1.0p47", "status": "affected", "version": "2.1.0", "versionType": "custom" }, { "lessThanOrEqual": "2.0.0p39", "status": "affected", "version": "2.0.0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-28829", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-21T19:30:50.880166Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-21T19:37:32.708Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Checkmk", "vendor": "Checkmk GmbH", "versions": [ { "lessThan": "2.3.0p12", "status": "affected", "version": "2.3.0", "versionType": "semver" }, { "lessThan": "2.2.0p32", "status": "affected", "version": "2.2.0", "versionType": "semver" }, { "lessThan": "2.1.0p47", "status": "affected", "version": "2.1.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.0p39", "status": "affected", "version": "2.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2.3.0p12, 2.2.0p32, 2.1.0p47 and 2.0.0 (EOL) allows local users to escalate privileges." } ], "impacts": [ { "capecId": "CAPEC-233", "descriptions": [ { "lang": "en", "value": "CAPEC-233 Privilege Escalation" } ] } ], "metrics": [ { "cvssV4_0": { "baseScore": 5.2, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-272", "description": "CWE-272: Least Privilege Violation", "lang": "en", "type": "CWE" }, { "cweId": "CWE-807", "description": "CWE-807: Reliance on Untrusted Inputs in a Security Decision", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-20T09:29:26.474Z", "orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "shortName": "Checkmk" }, "references": [ { "url": "https://checkmk.com/werk/16249" } ], "title": "Privilege escalation in mk_informix plugin" } }, "cveMetadata": { "assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "assignerShortName": "Checkmk", "cveId": "CVE-2024-28829", "datePublished": "2024-08-20T09:29:26.474Z", "dateReserved": "2024-03-11T13:21:43.122Z", "dateUpdated": "2024-08-21T19:37:32.708Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-22348
Vulnerability from cvelistv5
Published
2023-05-17 15:51
Modified
2024-08-02 10:07
Severity ?
EPSS score ?
Summary
Improper Authorization in RestAPI in Checkmk GmbH's Checkmk versions <2.1.0p28 and <2.2.0b8 allows remote authenticated users to read arbitrary host_configs.
References
▼ | URL | Tags |
---|---|---|
https://checkmk.com/werk/13982 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Checkmk GmbH | Checkmk |
Version: 2.2.0 ≤ Version: 2.1.0 ≤ |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:07:06.244Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://checkmk.com/werk/13982" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Checkmk", "vendor": "Checkmk GmbH", "versions": [ { "lessThan": "2.2.0b8", "status": "affected", "version": "2.2.0", "versionType": "semver" }, { "lessThan": "2.1.0p28", "status": "affected", "version": "2.1.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper Authorization in RestAPI in Checkmk GmbH\u0027s Checkmk versions \u003c2.1.0p28 and \u003c2.2.0b8 allows remote authenticated users to read arbitrary host_configs." } ], "impacts": [ { "capecId": "CAPEC-54", "descriptions": [ { "lang": "en", "value": "CAPEC-54: Query System for Information" } ] } ], "metrics": [ { "cvssV3_1": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-285", "description": "CWE-285: Improper Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-17T15:51:54.376Z", "orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "shortName": "Tribe29" }, "references": [ { "url": "https://checkmk.com/werk/13982" } ], "title": "Reading host_configs does not honour contact groups" } }, "cveMetadata": { "assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "assignerShortName": "Tribe29", "cveId": "CVE-2023-22348", "datePublished": "2023-05-17T15:51:54.376Z", "dateReserved": "2023-01-18T15:32:06.534Z", "dateUpdated": "2024-08-02T10:07:06.244Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-2380
Vulnerability from cvelistv5
Published
2024-04-05 13:01
Modified
2024-08-01 19:11
Severity ?
EPSS score ?
Summary
Stored XSS in graph rendering in Checkmk <2.3.0b4.
References
▼ | URL | Tags |
---|---|---|
https://checkmk.com/werk/16618 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Checkmk GmbH | Checkmk |
Version: 2.3.0 ≤ |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-2380", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-05T17:29:18.718110Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-05T17:21:29.162Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T19:11:53.480Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://checkmk.com/werk/16618" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Checkmk", "vendor": "Checkmk GmbH", "versions": [ { "lessThan": "2.3.0b4", "status": "affected", "version": "2.3.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "Stored XSS in graph rendering in Checkmk \u003c2.3.0b4." } ], "impacts": [ { "capecId": "CAPEC-592", "descriptions": [ { "lang": "en", "value": "CAPEC-592: Stored XSS" } ] } ], "metrics": [ { "cvssV3_1": { "baseScore": 4.6, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-80", "description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-05T13:01:08.382Z", "orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "shortName": "Checkmk" }, "references": [ { "url": "https://checkmk.com/werk/16618" } ], "title": "XSS in graph rendering" } }, "cveMetadata": { "assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "assignerShortName": "Checkmk", "cveId": "CVE-2024-2380", "datePublished": "2024-04-05T13:01:08.382Z", "dateReserved": "2024-03-11T14:51:50.296Z", "dateUpdated": "2024-08-01T19:11:53.480Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-6740
Vulnerability from cvelistv5
Published
2024-01-12 07:50
Modified
2024-08-02 08:42
Severity ?
EPSS score ?
Summary
Privilege escalation in jar_signature agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges
References
▼ | URL | Tags |
---|---|---|
https://checkmk.com/werk/16163 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Checkmk GmbH | Checkmk |
Version: 2.2.0 ≤ Version: 2.1.0 ≤ Version: 2.0.0 ≤ 2.0.0p39 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:42:07.176Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://checkmk.com/werk/16163" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Checkmk", "vendor": "Checkmk GmbH", "versions": [ { "lessThan": "2.2.0p18", "status": "affected", "version": "2.2.0", "versionType": "semver" }, { "lessThan": "2.1.0p38", "status": "affected", "version": "2.1.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.0p39", "status": "affected", "version": "2.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "Privilege escalation in jar_signature agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges" } ], "impacts": [ { "capecId": "CAPEC-233", "descriptions": [ { "lang": "en", "value": "CAPEC-233 Privilege Escalation" } ] } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-427", "description": "CWE-427 Uncontrolled Search Path Element", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-12T14:04:33.614Z", "orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "shortName": "Checkmk" }, "references": [ { "url": "https://checkmk.com/werk/16163" } ], "title": "Privilege escalation in jar_signature" } }, "cveMetadata": { "assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "assignerShortName": "Checkmk", "cveId": "CVE-2023-6740", "datePublished": "2024-01-12T07:50:20.076Z", "dateReserved": "2023-12-12T15:55:03.221Z", "dateUpdated": "2024-08-02T08:42:07.176Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-38864
Vulnerability from cvelistv5
Published
2024-12-19 16:07
Modified
2024-12-20 20:16
Severity ?
EPSS score ?
Summary
Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk < 2.3.0p23, < 2.2.0p38 and <= 2.1.0p49 (EOL) allows a local attacker to read sensitive data.
References
▼ | URL | Tags |
---|---|---|
https://checkmk.com/werk/17098 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Checkmk GmbH | Checkmk |
Version: 2.3.0 ≤ Version: 2.2.0 ≤ Version: 2.1.0 ≤ |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-38864", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-12-20T20:16:39.273383Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-20T20:16:55.606Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Checkmk", "vendor": "Checkmk GmbH", "versions": [ { "lessThan": "2.3.0p23", "status": "affected", "version": "2.3.0", "versionType": "semver" }, { "lessThan": "2.2.0p38", "status": "affected", "version": "2.2.0", "versionType": "semver" }, { "lessThan": "2.1.0p50", "status": "affected", "version": "2.1.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "Incorrect permissions on the Checkmk Windows Agent\u0027s data directory in Checkmk \u003c 2.3.0p23, \u003c 2.2.0p38 and \u003c= 2.1.0p49 (EOL) allows a local attacker to read sensitive data." } ], "impacts": [ { "capecId": "CAPEC-560", "descriptions": [ { "lang": "en", "value": "CAPEC-560: Use of Known Domain Credentials" } ] } ], "metrics": [ { "cvssV4_0": { "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:L/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-732", "description": "CWE-732: Incorrect Permission Assignment for Critical Resource", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-19T16:07:13.213Z", "orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "shortName": "Checkmk" }, "references": [ { "url": "https://checkmk.com/werk/17098" } ], "title": "User-Readable Private Key in Windows Agent" } }, "cveMetadata": { "assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "assignerShortName": "Checkmk", "cveId": "CVE-2024-38864", "datePublished": "2024-12-19T16:07:13.213Z", "dateReserved": "2024-06-20T10:03:09.178Z", "dateUpdated": "2024-12-20T20:16:55.606Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-6572
Vulnerability from cvelistv5
Published
2024-09-09 09:39
Modified
2024-09-09 13:03
Severity ?
EPSS score ?
Summary
Improper host key checking in active check 'Check SFTP Service' and special agent 'VNX quotas and filesystem' in Checkmk before Checkmk 2.3.0p15, 2.2.0p33, 2.1.0p48 and 2.0.0 (EOL) allows man-in-the-middle attackers to intercept traffic
References
▼ | URL | Tags |
---|---|---|
https://checkmk.com/werk/17148 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Checkmk GmbH | Checkmk |
Version: 2.3.0 ≤ Version: 2.2.0 ≤ Version: 2.1.0 ≤ Version: 2.0.0 ≤ 2.0.0p39 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:checkmk:checkmk:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "checkmk", "vendor": "checkmk", "versions": [ { "lessThan": "2.3.0p15", "status": "affected", "version": "2.3.0", "versionType": "semver" }, { "lessThan": "2.2.0p33", "status": "affected", "version": "2.2.0", "versionType": "semver" }, { "lessThan": "2.1.0p48", "status": "affected", "version": "2.1.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.0p39", "status": "affected", "version": "2.0.0", "versionType": "semver" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-6572", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-09T12:57:41.533717Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-09T13:03:22.065Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Checkmk", "vendor": "Checkmk GmbH", "versions": [ { "lessThan": "2.3.0p15", "status": "affected", "version": "2.3.0", "versionType": "semver" }, { "lessThan": "2.2.0p33", "status": "affected", "version": "2.2.0", "versionType": "semver" }, { "lessThan": "2.1.0p48", "status": "affected", "version": "2.1.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.0p39", "status": "affected", "version": "2.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper host key checking in active check \u0027Check SFTP Service\u0027 and special agent \u0027VNX quotas and filesystem\u0027 in Checkmk before Checkmk 2.3.0p15, 2.2.0p33, 2.1.0p48 and 2.0.0 (EOL) allows man-in-the-middle attackers to intercept traffic" } ], "impacts": [ { "capecId": "CAPEC-94", "descriptions": [ { "lang": "en", "value": "CAPEC-94: Adversary in the Middle (AiTM)" } ] } ], "metrics": [ { "cvssV4_0": { "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-322", "description": "CWE-322: Key Exchange without Entity Authentication", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-09T09:39:17.769Z", "orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "shortName": "Checkmk" }, "references": [ { "url": "https://checkmk.com/werk/17148" } ], "title": "Improper host key checking in active check \u0027Check SFTP Service\u0027 and special agent \u0027VNX quotas and filesystem\u0027" } }, "cveMetadata": { "assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "assignerShortName": "Checkmk", "cveId": "CVE-2024-6572", "datePublished": "2024-09-09T09:39:17.769Z", "dateReserved": "2024-07-08T15:50:02.376Z", "dateUpdated": "2024-09-09T13:03:22.065Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-6735
Vulnerability from cvelistv5
Published
2024-01-12 07:50
Modified
2024-08-26 09:48
Severity ?
EPSS score ?
Summary
Privilege escalation in mk_tsm agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges
References
▼ | URL | Tags |
---|---|---|
https://checkmk.com/werk/16273 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Checkmk GmbH | Checkmk |
Version: 2.2.0 ≤ Version: 2.1.0 ≤ Version: 2.0.0 ≤ 2.0.0p39 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:35:14.884Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://checkmk.com/werk/16273" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Checkmk", "vendor": "Checkmk GmbH", "versions": [ { "lessThan": "2.2.0p18", "status": "affected", "version": "2.2.0", "versionType": "semver" }, { "lessThan": "2.1.0p38", "status": "affected", "version": "2.1.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.0p39", "status": "affected", "version": "2.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "Privilege escalation in mk_tsm agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges" } ], "impacts": [ { "capecId": "CAPEC-233", "descriptions": [ { "lang": "en", "value": "CAPEC-233 Privilege Escalation" } ] } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-95", "description": "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-26T09:48:15.939Z", "orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "shortName": "Checkmk" }, "references": [ { "url": "https://checkmk.com/werk/16273" } ], "title": "Privilege escalation in mk_tsm" } }, "cveMetadata": { "assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "assignerShortName": "Checkmk", "cveId": "CVE-2023-6735", "datePublished": "2024-01-12T07:50:05.450Z", "dateReserved": "2023-12-12T15:27:34.769Z", "dateUpdated": "2024-08-26T09:48:15.939Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-23549
Vulnerability from cvelistv5
Published
2023-11-15 11:07
Modified
2024-08-28 20:25
Severity ?
EPSS score ?
Summary
Improper Input Validation in Checkmk <2.2.0p15, <2.1.0p37, <=2.0.0p39 allows priviledged attackers to cause partial denial of service of the UI via too long hostnames.
References
▼ | URL | Tags |
---|---|---|
https://checkmk.com/werk/16219 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Checkmk GmbH | Checkmk |
Version: 2.2.0 ≤ Version: 2.1.0 ≤ Version: 2.0.0 ≤ 2.0.0p39 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:35:32.832Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://checkmk.com/werk/16219" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-23549", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-28T20:24:38.414790Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-28T20:25:01.313Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Checkmk", "vendor": "Checkmk GmbH", "versions": [ { "lessThan": "2.2.0p15", "status": "affected", "version": "2.2.0", "versionType": "semver" }, { "lessThan": "2.1.0p37", "status": "affected", "version": "2.1.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.0p39", "status": "affected", "version": "2.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper Input Validation in Checkmk \u003c2.2.0p15, \u003c2.1.0p37, \u003c=2.0.0p39 allows priviledged attackers to cause partial denial of service of the UI via too long hostnames." } ], "impacts": [ { "capecId": "CAPEC-153", "descriptions": [ { "lang": "en", "value": "CAPEC-153: Input Data Manipulation" } ] } ], "metrics": [ { "cvssV3_1": { "baseScore": 2.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1284", "description": "CWE-1284: Improper Validation of Specified Quantity in Input", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-26T09:46:35.181Z", "orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "shortName": "Checkmk" }, "references": [ { "url": "https://checkmk.com/werk/16219" } ], "title": "DoS via long hostnames" } }, "cveMetadata": { "assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "assignerShortName": "Checkmk", "cveId": "CVE-2023-23549", "datePublished": "2023-11-15T11:07:28.671Z", "dateReserved": "2023-01-18T15:32:06.511Z", "dateUpdated": "2024-08-28T20:25:01.313Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-47094
Vulnerability from cvelistv5
Published
2024-11-29 09:52
Modified
2024-11-29 13:25
Severity ?
EPSS score ?
Summary
Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p22, <2.2.0p37, <2.1.0p50 (EOL) causes remote site secrets to be written to web log files accessible to local site users.
References
▼ | URL | Tags |
---|---|---|
https://checkmk.com/werk/17342 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Checkmk GmbH | Checkmk |
Version: 2.3.0 ≤ Version: 2.2.0 ≤ Version: 2.1.0 ≤ |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-47094", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-29T13:25:45.942135Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-29T13:25:59.389Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Checkmk", "vendor": "Checkmk GmbH", "versions": [ { "lessThan": "2.3.0p22", "status": "affected", "version": "2.3.0", "versionType": "semver" }, { "lessThan": "2.2.0p37", "status": "affected", "version": "2.2.0", "versionType": "semver" }, { "lessThan": "2.1.0p50", "status": "affected", "version": "2.1.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "Insertion of Sensitive Information into Log File in Checkmk GmbH\u0027s Checkmk versions \u003c2.3.0p22, \u003c2.2.0p37, \u003c2.1.0p50 (EOL) causes remote site secrets to be written to web log files accessible to local site users." } ], "impacts": [ { "capecId": "CAPEC-560", "descriptions": [ { "lang": "en", "value": "CAPEC-560: Use of Known Domain Credentials" } ] } ], "metrics": [ { "cvssV4_0": { "baseScore": 5.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-532", "description": "CWE-532: Insertion of Sensitive Information into Log File", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-29T09:52:18.988Z", "orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "shortName": "Checkmk" }, "references": [ { "url": "https://checkmk.com/werk/17342" } ], "title": "Logging of sitesecret to automations log" } }, "cveMetadata": { "assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "assignerShortName": "Checkmk", "cveId": "CVE-2024-47094", "datePublished": "2024-11-29T09:52:18.988Z", "dateReserved": "2024-09-18T11:38:53.583Z", "dateUpdated": "2024-11-29T13:25:59.389Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-31211
Vulnerability from cvelistv5
Published
2024-01-12 07:49
Modified
2024-08-26 09:47
Severity ?
EPSS score ?
Summary
Insufficient authentication flow in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows attacker to use locked credentials
References
▼ | URL | Tags |
---|---|---|
https://checkmk.com/werk/16227 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Checkmk GmbH | Checkmk |
Version: 2.2.0 ≤ Version: 2.1.0 ≤ Version: 2.0.0 ≤ 2.0.0p39 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:53:30.666Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://checkmk.com/werk/16227" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Checkmk", "vendor": "Checkmk GmbH", "versions": [ { "lessThan": "2.2.0p18", "status": "affected", "version": "2.2.0", "versionType": "semver" }, { "lessThan": "2.1.0p38", "status": "affected", "version": "2.1.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.0p39", "status": "affected", "version": "2.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "Insufficient authentication flow in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows attacker to use locked credentials" } ], "impacts": [ { "capecId": "CAPEC-114", "descriptions": [ { "lang": "en", "value": "CAPEC-114: Authentication Abuse" } ] } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-303", "description": "CWE-303: Incorrect Implementation of Authentication Algorithm", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-26T09:47:23.924Z", "orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "shortName": "Checkmk" }, "references": [ { "url": "https://checkmk.com/werk/16227" } ], "title": "Disabled automation users could still authenticate" } }, "cveMetadata": { "assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "assignerShortName": "Checkmk", "cveId": "CVE-2023-31211", "datePublished": "2024-01-12T07:49:45.294Z", "dateReserved": "2023-04-25T08:49:15.443Z", "dateUpdated": "2024-08-26T09:47:23.924Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-38859
Vulnerability from cvelistv5
Published
2024-08-26 14:15
Modified
2024-08-26 15:22
Severity ?
EPSS score ?
Summary
XSS in the view page with the SLA column configured in Checkmk versions prior to 2.3.0p14, 2.2.0p33, 2.1.0p47 and 2.0.0 (EOL) allowed malicious users to execute arbitrary scripts by injecting HTML elements into the SLA column title. These scripts could be executed when the view page was cloned by other users.
References
▼ | URL | Tags |
---|---|---|
https://checkmk.com/werk/17026 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Checkmk GmbH | Checkmk |
Version: 2.3.0 ≤ Version: 2.2.0 ≤ Version: 2.1.0 ≤ Version: 2.0.0 ≤ 2.0.0p39 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-38859", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-26T15:22:20.463340Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-26T15:22:30.830Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Checkmk", "vendor": "Checkmk GmbH", "versions": [ { "lessThan": "2.3.0p14", "status": "affected", "version": "2.3.0", "versionType": "semver" }, { "lessThan": "2.2.0p33", "status": "affected", "version": "2.2.0", "versionType": "semver" }, { "lessThan": "2.1.0p47", "status": "affected", "version": "2.1.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.0p39", "status": "affected", "version": "2.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "XSS in the view page with the SLA column configured in Checkmk versions prior to 2.3.0p14, 2.2.0p33, 2.1.0p47 and 2.0.0 (EOL) allowed malicious users to execute arbitrary scripts by injecting HTML elements into the SLA column title. These scripts could be executed when the view page was cloned by other users." } ], "impacts": [ { "capecId": "CAPEC-592", "descriptions": [ { "lang": "en", "value": "CAPEC-592: Stored XSS" } ] } ], "metrics": [ { "cvssV4_0": { "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-80", "description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-26T14:15:32.555Z", "orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "shortName": "Checkmk" }, "references": [ { "url": "https://checkmk.com/werk/17026" } ], "title": "XSS in view page with SLA column" } }, "cveMetadata": { "assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "assignerShortName": "Checkmk", "cveId": "CVE-2024-38859", "datePublished": "2024-08-26T14:15:32.555Z", "dateReserved": "2024-06-20T10:03:09.178Z", "dateUpdated": "2024-08-26T15:22:30.830Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-38863
Vulnerability from cvelistv5
Published
2024-10-14 07:19
Modified
2024-10-14 15:34
Severity ?
EPSS score ?
Summary
Exposure of CSRF tokens in query parameters on specific requests in Checkmk GmbH's Checkmk versions <2.3.0p18, <2.2.0p35 and <2.1.0p48 could lead to a leak of the token to facilitate targeted phishing attacks.
References
▼ | URL | Tags |
---|---|---|
https://checkmk.com/werk/17096 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Checkmk GmbH | Checkmk |
Version: 2.1.0 ≤ Version: 2.2.0 ≤ Version: 2.3.0 ≤ |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-38863", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-14T15:34:02.300639Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-14T15:34:11.188Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Checkmk", "vendor": "Checkmk GmbH", "versions": [ { "lessThan": "2.1.0p48", "status": "affected", "version": "2.1.0", "versionType": "semver" }, { "lessThan": "2.2.0p35", "status": "affected", "version": "2.2.0", "versionType": "semver" }, { "lessThan": "2.3.0p18", "status": "affected", "version": "2.3.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "Exposure of CSRF tokens in query parameters on specific requests in Checkmk GmbH\u0027s Checkmk versions \u003c2.3.0p18, \u003c2.2.0p35 and \u003c2.1.0p48 could lead to a leak of the token to facilitate targeted phishing attacks." } ], "impacts": [ { "capecId": "CAPEC-98", "descriptions": [ { "lang": "en", "value": "CAPEC-98: Phishing" } ] } ], "metrics": [ { "cvssV4_0": { "baseScore": 2, "baseSeverity": "LOW", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-598", "description": "CWE-598: Use of GET Request Method With Sensitive Query Strings", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-14T07:19:07.625Z", "orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "shortName": "Checkmk" }, "references": [ { "url": "https://checkmk.com/werk/17096" } ], "title": "CSRF token leaked in URL parameters" } }, "cveMetadata": { "assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "assignerShortName": "Checkmk", "cveId": "CVE-2024-38863", "datePublished": "2024-10-14T07:19:07.625Z", "dateReserved": "2024-06-20T10:03:09.178Z", "dateUpdated": "2024-10-14T15:34:11.188Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-31210
Vulnerability from cvelistv5
Published
2023-12-13 08:26
Modified
2024-12-02 14:29
Severity ?
EPSS score ?
Summary
Usage of user controlled LD_LIBRARY_PATH in agent in Checkmk 2.2.0p10 up to 2.2.0p16 allows malicious Checkmk site user to escalate rights via injection of malicious libraries
References
▼ | URL | Tags |
---|---|---|
https://checkmk.com/werk/16226 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Checkmk GmbH | Checkmk |
Version: 2.2.0p10 ≤ |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:53:29.719Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://checkmk.com/werk/16226" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-31210", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2023-12-18T21:37:33.317071Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-02T14:29:06.806Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Checkmk", "vendor": "Checkmk GmbH", "versions": [ { "lessThan": "2.2.0p17", "status": "affected", "version": "2.2.0p10", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "value": "We thank Jan-Philipp Litza for reporting this issue." } ], "descriptions": [ { "lang": "en", "value": "Usage of user controlled LD_LIBRARY_PATH in agent in Checkmk 2.2.0p10 up to 2.2.0p16 allows malicious Checkmk site user to escalate rights via injection of malicious libraries" } ], "impacts": [ { "capecId": "CAPEC-251", "descriptions": [ { "lang": "en", "value": "CAPEC-251: Local Code Inclusion" } ] } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-427", "description": "CWE-427: Uncontrolled Search Path Element", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-13T08:26:46.452Z", "orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "shortName": "Checkmk" }, "references": [ { "url": "https://checkmk.com/werk/16226" } ], "title": "Privilege escalation in agent via LD_LIBRARY_PATH" } }, "cveMetadata": { "assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "assignerShortName": "Checkmk", "cveId": "CVE-2023-31210", "datePublished": "2023-12-13T08:26:46.452Z", "dateReserved": "2023-04-25T08:49:15.443Z", "dateUpdated": "2024-12-02T14:29:06.806Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-31209
Vulnerability from cvelistv5
Published
2023-08-10 08:14
Modified
2024-08-28 20:24
Severity ?
EPSS score ?
Summary
Improper neutralization of active check command arguments in Checkmk < 2.1.0p32, < 2.0.0p38, < 2.2.0p4 leads to arbitrary command execution for authenticated users.
References
▼ | URL | Tags |
---|---|---|
https://checkmk.com/werk/15194 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Checkmk GmbH | Checkmk |
Version: 2.2.0 ≤ Version: 2.1.0 ≤ Version: 2.0.0 ≤ |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:53:30.688Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://checkmk.com/werk/15194" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-31209", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-28T20:23:39.698795Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-28T20:24:16.728Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Checkmk", "vendor": "Checkmk GmbH", "versions": [ { "lessThan": "2.2.0p4", "status": "affected", "version": "2.2.0", "versionType": "semver" }, { "lessThan": "2.1.0p32", "status": "affected", "version": "2.1.0", "versionType": "semver" }, { "lessThan": "2.0.0p38", "status": "affected", "version": "2.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper neutralization of active check command arguments in Checkmk \u003c 2.1.0p32, \u003c 2.0.0p38, \u003c 2.2.0p4 leads to arbitrary command execution for authenticated users." } ], "impacts": [ { "capecId": "CAPEC-6", "descriptions": [ { "lang": "en", "value": "CAPEC-6: Argument Injection" } ] } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-78", "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-26T09:47:02.416Z", "orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "shortName": "Checkmk" }, "references": [ { "url": "https://checkmk.com/werk/15194" } ], "title": "Command injection via active checks and REST API" } }, "cveMetadata": { "assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "assignerShortName": "Tribe29", "cveId": "CVE-2023-31209", "datePublished": "2023-08-10T08:14:12.067Z", "dateReserved": "2023-04-25T08:49:15.443Z", "dateUpdated": "2024-08-28T20:24:16.728Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-38858
Vulnerability from cvelistv5
Published
2024-09-02 09:16
Modified
2024-09-03 14:08
Severity ?
EPSS score ?
Summary
Improper neutralization of input in Checkmk before version 2.3.0p14 allows attackers to inject and run malicious scripts in the Robotmk logs view.
References
▼ | URL | Tags |
---|---|---|
https://checkmk.com/werk/17232 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Checkmk GmbH | Checkmk |
Version: 2.3.0 ≤ |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-38858", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-03T14:07:25.381085Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-03T14:08:05.571Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Checkmk", "vendor": "Checkmk GmbH", "versions": [ { "lessThan": "2.3.0p14", "status": "affected", "version": "2.3.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper neutralization of input in Checkmk before version 2.3.0p14 allows attackers to inject and run malicious scripts in the Robotmk logs view." } ], "impacts": [ { "capecId": "CAPEC-592", "descriptions": [ { "lang": "en", "value": "CAPEC-592: Stored XSS" } ] } ], "metrics": [ { "cvssV4_0": { "baseScore": 2.3, "baseSeverity": "LOW", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-02T09:16:40.902Z", "orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "shortName": "Checkmk" }, "references": [ { "url": "https://checkmk.com/werk/17232" } ], "title": "Cross-site scripting in Robotmk logs view" } }, "cveMetadata": { "assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "assignerShortName": "Checkmk", "cveId": "CVE-2024-38858", "datePublished": "2024-09-02T09:16:40.902Z", "dateReserved": "2024-06-20T10:03:09.178Z", "dateUpdated": "2024-09-03T14:08:05.571Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-6251
Vulnerability from cvelistv5
Published
2023-11-24 08:16
Modified
2024-08-02 08:21
Severity ?
EPSS score ?
Summary
Cross-site Request Forgery (CSRF) in Checkmk < 2.2.0p15, < 2.1.0p37, <= 2.0.0p39 allow an authenticated attacker to delete user-messages for individual users.
References
▼ | URL | Tags |
---|---|---|
https://checkmk.com/werk/16224 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Checkmk GmbH | Checkmk |
Version: 2.0.0 ≤ 2.0.0p39 Version: 2.1.0 ≤ Version: 2.2.0 ≤ |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:21:18.099Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://checkmk.com/werk/16224" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Checkmk", "vendor": "Checkmk GmbH", "versions": [ { "lessThanOrEqual": "2.0.0p39", "status": "affected", "version": "2.0.0", "versionType": "semver" }, { "lessThan": "2.1.0p37", "status": "affected", "version": "2.1.0", "versionType": "semver" }, { "lessThan": "2.2.0p15", "status": "affected", "version": "2.2.0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "value": "Port Zero" } ], "descriptions": [ { "lang": "en", "value": "Cross-site Request Forgery (CSRF) in Checkmk \u003c 2.2.0p15, \u003c 2.1.0p37, \u003c= 2.0.0p39 allow an authenticated attacker to delete user-messages for individual users." } ], "impacts": [ { "capecId": "CAPEC-62", "descriptions": [ { "lang": "en", "value": "CAPEC-62 Cross Site Request Forgery" } ] } ], "metrics": [ { "cvssV3_1": { "baseScore": 3.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-24T08:16:23.663Z", "orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "shortName": "Checkmk" }, "references": [ { "url": "https://checkmk.com/werk/16224" } ], "title": "CSRF in delete_user_message" } }, "cveMetadata": { "assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "assignerShortName": "Checkmk", "cveId": "CVE-2023-6251", "datePublished": "2023-11-24T08:16:23.663Z", "dateReserved": "2023-11-22T10:39:14.993Z", "dateUpdated": "2024-08-02T08:21:18.099Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-23548
Vulnerability from cvelistv5
Published
2023-08-01 09:42
Modified
2024-09-27 21:58
Severity ?
EPSS score ?
Summary
Reflected XSS in business intelligence in Checkmk <2.2.0p8, <2.1.0p32, <2.0.0p38, <=1.6.0p30.
References
▼ | URL | Tags |
---|---|---|
https://checkmk.com/werk/15691 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Checkmk GmbH | Checkmk |
Version: 2.2.0 ≤ Version: 2.1.0 ≤ Version: 2.0.0 ≤ Version: 1.6.0 ≤ 1.6.0p30 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:35:33.528Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://checkmk.com/werk/15691" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-23548", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-27T21:50:12.357186Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-27T21:58:16.665Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Checkmk", "vendor": "Checkmk GmbH", "versions": [ { "lessThan": "2.2.0p8", "status": "affected", "version": "2.2.0", "versionType": "semver" }, { "lessThan": "2.1.0p32", "status": "affected", "version": "2.1.0", "versionType": "semver" }, { "lessThan": "2.0.0p38", "status": "affected", "version": "2.0.0", "versionType": "semver" }, { "lessThanOrEqual": "1.6.0p30", "status": "affected", "version": "1.6.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "Reflected XSS in business intelligence in Checkmk \u003c2.2.0p8, \u003c2.1.0p32, \u003c2.0.0p38, \u003c=1.6.0p30." } ], "impacts": [ { "capecId": "CAPEC-591", "descriptions": [ { "lang": "en", "value": "CAPEC-591: Reflected XSS" } ] } ], "metrics": [ { "cvssV3_1": { "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-80", "description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-01T09:42:58.428Z", "orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "shortName": "Tribe29" }, "references": [ { "url": "https://checkmk.com/werk/15691" } ], "title": "XSS in business intelligence" } }, "cveMetadata": { "assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "assignerShortName": "Tribe29", "cveId": "CVE-2023-23548", "datePublished": "2023-08-01T09:42:58.428Z", "dateReserved": "2023-01-18T15:32:06.498Z", "dateUpdated": "2024-09-27T21:58:16.665Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-28826
Vulnerability from cvelistv5
Published
2024-05-29 10:00
Modified
2024-08-02 00:56
Severity ?
EPSS score ?
Summary
Improper restriction of local upload and download paths in check_sftp in Checkmk before 2.3.0p4, 2.2.0p27, 2.1.0p44, and in Checkmk 2.0.0 (EOL) allows attackers with sufficient permissions to configure the check to read and write local files on the Checkmk site server.
References
▼ | URL | Tags |
---|---|---|
https://checkmk.com/werk/15200 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Checkmk GmbH | Checkmk |
Version: 2.3.0 ≤ Version: 2.2.0 ≤ Version: 2.1.0 ≤ Version: 2.0.0 ≤ 2.0.0p39 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:checkmk:checkmk:2.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "checkmk", "vendor": "checkmk", "versions": [ { "lessThan": "2.0.0p39", "status": "affected", "version": "2.0.0", "versionType": "semver" } ] }, { "cpes": [ "cpe:2.3:a:checkmk:checkmk:2.1.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "checkmk", "vendor": "checkmk", "versions": [ { "lessThan": "2.1.0p44", "status": "affected", "version": "2.1.0", "versionType": "semver" } ] }, { "cpes": [ "cpe:2.3:a:checkmk:checkmk:2.2.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "checkmk", "vendor": "checkmk", "versions": [ { "lessThan": "2.2.0p27", "status": "affected", "version": "2.2.0", "versionType": "semver" } ] }, { "cpes": [ "cpe:2.3:a:checkmk:checkmk:2.3.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "checkmk", "vendor": "checkmk", "versions": [ { "lessThan": "2.3.0p4", "status": "affected", "version": "2.3.0", "versionType": "semver" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-28826", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-05T20:21:05.131648Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-05T20:33:54.922Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:56:58.127Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://checkmk.com/werk/15200" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Checkmk", "vendor": "Checkmk GmbH", "versions": [ { "lessThan": "2.3.0p4", "status": "affected", "version": "2.3.0", "versionType": "semver" }, { "lessThan": "2.2.0p27", "status": "affected", "version": "2.2.0", "versionType": "semver" }, { "lessThan": "2.1.0p44", "status": "affected", "version": "2.1.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.0p39", "status": "affected", "version": "2.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper restriction of local upload and download paths in check_sftp in Checkmk before 2.3.0p4, 2.2.0p27, 2.1.0p44, and in Checkmk 2.0.0 (EOL) allows attackers with sufficient permissions to configure the check to read and write local files on the Checkmk site server." } ], "impacts": [ { "capecId": "CAPEC-212", "descriptions": [ { "lang": "en", "value": "CAPEC-212: Functionality Misuse" } ] } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-73", "description": "CWE-73: External Control of File Name or Path", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-29T10:00:53.789Z", "orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "shortName": "Checkmk" }, "references": [ { "url": "https://checkmk.com/werk/15200" } ], "title": "Unrestricted upload and download paths in check_sftp" } }, "cveMetadata": { "assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "assignerShortName": "Checkmk", "cveId": "CVE-2024-28826", "datePublished": "2024-05-29T10:00:53.789Z", "dateReserved": "2024-03-11T13:21:43.122Z", "dateUpdated": "2024-08-02T00:56:58.127Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-28825
Vulnerability from cvelistv5
Published
2024-04-24 11:25
Modified
2024-08-02 00:56
Severity ?
EPSS score ?
Summary
Improper restriction of excessive authentication attempts on some authentication methods in Checkmk before 2.3.0b5 (beta), 2.2.0p26, 2.1.0p43, and in Checkmk 2.0.0 (EOL) facilitates password brute-forcing.
References
▼ | URL | Tags |
---|---|---|
https://checkmk.com/werk/15198 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Checkmk GmbH | Checkmk |
Version: 2.3.0 ≤ Version: 2.2.0 ≤ Version: 2.1.0 ≤ Version: 2.0.0 ≤ 2.0.0p39 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:checkmk:checkmk:2.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "checkmk", "vendor": "checkmk", "versions": [ { "lessThan": "2.0.0p39", "status": "affected", "version": "2.0.0", "versionType": "semver" } ] }, { "cpes": [ "cpe:2.3:a:checkmk:checkmk:2.1.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "checkmk", "vendor": "checkmk", "versions": [ { "lessThan": "2.1.0p43", "status": "affected", "version": "2.1.0", "versionType": "semver" } ] }, { "cpes": [ "cpe:2.3:a:checkmk:checkmk:2.2.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "checkmk", "vendor": "checkmk", "versions": [ { "lessThan": "2.2.0p26", "status": "affected", "version": "2.2.0", "versionType": "semver" } ] }, { "cpes": [ "cpe:2.3:a:checkmk:checkmk:2.3.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "checkmk", "vendor": "checkmk", "versions": [ { "lessThan": "2.3.0b5", "status": "affected", "version": "2.3.0", "versionType": "semver" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-28825", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-24T14:27:40.480273Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T18:03:50.090Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:56:58.650Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://checkmk.com/werk/15198" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Checkmk", "vendor": "Checkmk GmbH", "versions": [ { "lessThan": "2.3.0b5", "status": "affected", "version": "2.3.0", "versionType": "semver" }, { "lessThan": "2.2.0p26", "status": "affected", "version": "2.2.0", "versionType": "semver" }, { "lessThan": "2.1.0p43", "status": "affected", "version": "2.1.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.0p39", "status": "affected", "version": "2.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper restriction of excessive authentication attempts on some authentication methods in Checkmk before 2.3.0b5 (beta), 2.2.0p26, 2.1.0p43, and in Checkmk 2.0.0 (EOL) facilitates password brute-forcing." } ], "impacts": [ { "capecId": "CAPEC-49", "descriptions": [ { "lang": "en", "value": "CAPEC-49: Password Brute Forcing" } ] } ], "metrics": [ { "cvssV3_1": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-307", "description": "CWE-307: Improper Restriction of Excessive Authentication Attempts", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-24T11:25:36.306Z", "orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "shortName": "Checkmk" }, "references": [ { "url": "https://checkmk.com/werk/15198" } ], "title": "Brute-force protection ineffective for some login methods" } }, "cveMetadata": { "assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "assignerShortName": "Checkmk", "cveId": "CVE-2024-28825", "datePublished": "2024-04-24T11:25:36.306Z", "dateReserved": "2024-03-11T13:21:43.122Z", "dateUpdated": "2024-08-02T00:56:58.650Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-31208
Vulnerability from cvelistv5
Published
2023-05-17 08:24
Modified
2024-08-02 14:45
Severity ?
EPSS score ?
Summary
Improper neutralization of livestatus command delimiters in the RestAPI in Checkmk < 2.0.0p36, < 2.1.0p28, and < 2.2.0b8 (beta) allows arbitrary livestatus command execution for authorized users.
References
▼ | URL | Tags |
---|---|---|
https://checkmk.com/werk/15191 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Checkmk GmbH | Checkmk |
Version: 2.2.0 ≤ Version: 2.1.0 ≤ Version: 2.0.0 ≤ |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:45:26.187Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://checkmk.com/werk/15191" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Checkmk", "vendor": "Checkmk GmbH", "versions": [ { "lessThan": "2.2.0b8", "status": "affected", "version": "2.2.0", "versionType": "semver" }, { "lessThan": "2.1.0p28", "status": "affected", "version": "2.1.0", "versionType": "semver" }, { "lessThan": "2.0.0p36", "status": "affected", "version": "2.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper neutralization of livestatus command delimiters in the RestAPI in Checkmk \u003c 2.0.0p36, \u003c 2.1.0p28, and \u003c 2.2.0b8 (beta) allows arbitrary livestatus command execution for authorized users." } ], "impacts": [ { "capecId": "CAPEC-15", "descriptions": [ { "lang": "en", "value": "CAPEC-15: Command Delimiters" } ] } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-140", "description": "CWE-140: Improper Neutralization of Delimiters", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-17T08:24:59.173Z", "orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "shortName": "Tribe29" }, "references": [ { "url": "https://checkmk.com/werk/15191" } ], "title": "Livestatus command injection in RestAPI" } }, "cveMetadata": { "assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "assignerShortName": "Tribe29", "cveId": "CVE-2023-31208", "datePublished": "2023-05-17T08:24:59.173Z", "dateReserved": "2023-04-25T08:49:15.442Z", "dateUpdated": "2024-08-02T14:45:26.187Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-28832
Vulnerability from cvelistv5
Published
2024-06-25 11:45
Modified
2024-08-02 00:56
Severity ?
EPSS score ?
Summary
Stored XSS in the Crash Report page in Checkmk before versions 2.3.0p7, 2.2.0p28, 2.1.0p45, and 2.0.0 (EOL) allows users with permission to change Global Settings to execute arbitrary scripts by injecting HTML elements into the Crash Report URL in the Global Settings.
References
▼ | URL | Tags |
---|---|---|
https://checkmk.com/werk/17024 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Checkmk GmbH | Checkmk |
Version: 2.3.0 ≤ Version: 2.2.0 ≤ Version: 2.1.0 ≤ Version: 2.0.0 ≤ 2.0.0p39 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-28832", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-26T13:53:42.480903Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-26T17:07:00.337Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:56:58.120Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://checkmk.com/werk/17024" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Checkmk", "vendor": "Checkmk GmbH", "versions": [ { "lessThan": "2.3.0p7", "status": "affected", "version": "2.3.0", "versionType": "semver" }, { "lessThan": "2.2.0p28", "status": "affected", "version": "2.2.0", "versionType": "semver" }, { "lessThan": "2.1.0p45", "status": "affected", "version": "2.1.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.0p39", "status": "affected", "version": "2.0.0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "value": "PS Positive Security GmbH" } ], "descriptions": [ { "lang": "en", "value": "Stored XSS in the Crash Report page in Checkmk before versions 2.3.0p7, 2.2.0p28, 2.1.0p45, and 2.0.0 (EOL) allows users with permission to change Global Settings to execute arbitrary scripts by injecting HTML elements into the Crash Report URL in the Global Settings." } ], "impacts": [ { "capecId": "CAPEC-592", "descriptions": [ { "lang": "en", "value": "CAPEC-592: Stored XSS" } ] } ], "metrics": [ { "cvssV3_1": { "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-80", "description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-25T11:45:33.371Z", "orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "shortName": "Checkmk" }, "references": [ { "url": "https://checkmk.com/werk/17024" } ], "title": "XSS in Crash Report Page" } }, "cveMetadata": { "assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "assignerShortName": "Checkmk", "cveId": "CVE-2024-28832", "datePublished": "2024-06-25T11:45:33.371Z", "dateReserved": "2024-03-11T13:21:43.122Z", "dateUpdated": "2024-08-02T00:56:58.120Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-6542
Vulnerability from cvelistv5
Published
2024-07-22 09:50
Modified
2024-08-01 21:41
Severity ?
EPSS score ?
Summary
Improper neutralization of livestatus command delimiters in mknotifyd in Checkmk <= 2.0.0p39, < 2.1.0p47, < 2.2.0p32 and < 2.3.0p11 allows arbitrary livestatus command execution.
References
▼ | URL | Tags |
---|---|---|
https://checkmk.com/werk/17013 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Checkmk GmbH | Checkmk |
Version: 2.3.0 ≤ Version: 2.2.0 ≤ Version: 2.1.0 ≤ Version: 2.0.0 ≤ 2.0.0p39 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:checkmk:checkmk:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "checkmk", "vendor": "checkmk", "versions": [ { "lessThanOrEqual": "2.0.0p39", "status": "affected", "version": "2.0.0", "versionType": "semver" }, { "lessThan": "2.1.0p47", "status": "affected", "version": "2.1.0", "versionType": "semver" }, { "lessThan": "2.2.0p32", "status": "affected", "version": "2.2.0", "versionType": "semver" }, { "lessThan": "2.3.0p11", "status": "affected", "version": "2.3.0", "versionType": "semver" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-6542", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-22T13:29:23.832484Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-22T20:26:27.733Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T21:41:03.497Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://checkmk.com/werk/17013" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Checkmk", "vendor": "Checkmk GmbH", "versions": [ { "lessThan": "2.3.0p11", "status": "affected", "version": "2.3.0", "versionType": "semver" }, { "lessThan": "2.2.0p32", "status": "affected", "version": "2.2.0", "versionType": "semver" }, { "lessThan": "2.1.0p47", "status": "affected", "version": "2.1.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.0p39", "status": "affected", "version": "2.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper neutralization of livestatus command delimiters in mknotifyd in Checkmk \u003c= 2.0.0p39, \u003c 2.1.0p47, \u003c 2.2.0p32 and \u003c 2.3.0p11 allows arbitrary livestatus command execution." } ], "impacts": [ { "capecId": "CAPEC-15", "descriptions": [ { "lang": "en", "value": "CAPEC-15: Command Delimiters" } ] } ], "metrics": [ { "cvssV3_1": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-140", "description": "CWE-140: Improper Neutralization of Delimiters", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-22T09:50:17.736Z", "orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "shortName": "Checkmk" }, "references": [ { "url": "https://checkmk.com/werk/17013" } ], "title": "Livestatus injection in mknotifyd" } }, "cveMetadata": { "assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "assignerShortName": "Checkmk", "cveId": "CVE-2024-6542", "datePublished": "2024-07-22T09:50:17.736Z", "dateReserved": "2024-07-08T11:59:16.981Z", "dateUpdated": "2024-08-01T21:41:03.497Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-3367
Vulnerability from cvelistv5
Published
2024-04-16 11:59
Modified
2024-08-26 09:48
Severity ?
EPSS score ?
Summary
Argument injection in websphere_mq agent plugin in Checkmk 2.0.0, 2.1.0, <2.2.0p26 and <2.3.0b5 allows local attacker to inject one argument to runmqsc
References
▼ | URL | Tags |
---|---|---|
https://checkmk.com/werk/16615 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Checkmk GmbH | Checkmk |
Version: 2.3.0 ≤ Version: 2.2.0 ≤ Version: 2.1.0 ≤ Version: 2.0.0 ≤ 2.0.0p39 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:checkmk:checkmk:2.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "checkmk", "vendor": "checkmk", "versions": [ { "lessThan": "2.0.0p39", "status": "affected", "version": "2.0.0", "versionType": "semver" } ] }, { "cpes": [ "cpe:2.3:a:checkmk:checkmk:2.1.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "checkmk", "vendor": "checkmk", "versions": [ { "lessThan": "2.1.0p99", "status": "affected", "version": "2.1.0", "versionType": "semver" } ] }, { "cpes": [ "cpe:2.3:a:checkmk:checkmk:2.2.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "checkmk", "vendor": "checkmk", "versions": [ { "lessThan": "2.2.0p26", "status": "affected", "version": "2.2.0", "versionType": "semver" } ] }, { "cpes": [ "cpe:2.3:a:checkmk:checkmk:2.3.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "checkmk", "vendor": "checkmk", "versions": [ { "lessThan": "2.3.0b5", "status": "affected", "version": "2.3.0", "versionType": "semver" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-3367", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-24T14:21:12.926526Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T20:39:25.120Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T20:05:08.548Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://checkmk.com/werk/16615" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Checkmk", "vendor": "Checkmk GmbH", "versions": [ { "lessThan": "2.3.0b5", "status": "affected", "version": "2.3.0", "versionType": "semver" }, { "lessThan": "2.2.0p26", "status": "affected", "version": "2.2.0", "versionType": "semver" }, { "lessThan": "2.1.0p99", "status": "affected", "version": "2.1.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.0p39", "status": "affected", "version": "2.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "Argument injection in websphere_mq agent plugin in Checkmk 2.0.0, 2.1.0, \u003c2.2.0p26 and \u003c2.3.0b5 allows local attacker to inject one argument to runmqsc" } ], "impacts": [ { "capecId": "CAPEC-6", "descriptions": [ { "lang": "en", "value": "CAPEC-6: Argument Injection" } ] } ], "metrics": [ { "cvssV3_1": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-88", "description": "CWE-88: Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-26T09:48:37.438Z", "orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "shortName": "Checkmk" }, "references": [ { "url": "https://checkmk.com/werk/16615" } ], "title": "Argument injection to runmqsc" } }, "cveMetadata": { "assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "assignerShortName": "Checkmk", "cveId": "CVE-2024-3367", "datePublished": "2024-04-16T11:59:43.845Z", "dateReserved": "2024-04-05T08:38:32.436Z", "dateUpdated": "2024-08-26T09:48:37.438Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-38857
Vulnerability from cvelistv5
Published
2024-07-02 08:11
Modified
2024-08-02 04:19
Severity ?
EPSS score ?
Summary
Improper neutralization of input in Checkmk before versions 2.3.0p8, 2.2.0p28, 2.1.0p45, and 2.0.0 (EOL) allows attackers to craft malicious links that can facilitate phishing attacks.
References
▼ | URL | Tags |
---|---|---|
https://checkmk.com/werk/17059 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Checkmk GmbH | Checkmk |
Version: 2.3.0 ≤ Version: 2.2.0 ≤ Version: 2.1.0 ≤ Version: 2.0.0 ≤ 2.0.0p39 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-38857", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-02T14:02:53.161004Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-02T14:02:59.286Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T04:19:20.353Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://checkmk.com/werk/17059" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Checkmk", "vendor": "Checkmk GmbH", "versions": [ { "lessThan": "2.3.0p8", "status": "affected", "version": "2.3.0", "versionType": "semver" }, { "lessThan": "2.2.0p28", "status": "affected", "version": "2.2.0", "versionType": "semver" }, { "lessThan": "2.1.0p45", "status": "affected", "version": "2.1.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.0p39", "status": "affected", "version": "2.0.0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "value": "PS Positive Security GmbH" } ], "descriptions": [ { "lang": "en", "value": "Improper neutralization of input in Checkmk before versions 2.3.0p8, 2.2.0p28, 2.1.0p45, and 2.0.0 (EOL) allows attackers to craft malicious links that can facilitate phishing attacks." } ], "impacts": [ { "capecId": "CAPEC-591", "descriptions": [ { "lang": "en", "value": "CAPEC-591: Reflected XSS" } ] } ], "metrics": [ { "cvssV3_1": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-02T08:11:19.241Z", "orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "shortName": "Checkmk" }, "references": [ { "url": "https://checkmk.com/werk/17059" } ], "title": "Reflected links in visuals facilitate phishing attacks" } }, "cveMetadata": { "assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "assignerShortName": "Checkmk", "cveId": "CVE-2024-38857", "datePublished": "2024-07-02T08:11:19.241Z", "dateReserved": "2024-06-20T10:03:09.177Z", "dateUpdated": "2024-08-02T04:19:20.353Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-6156
Vulnerability from cvelistv5
Published
2023-11-22 16:24
Modified
2024-08-02 08:21
Severity ?
EPSS score ?
Summary
Improper neutralization of livestatus command delimiters in the availability timeline in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15 allows arbitrary livestatus command execution for authorized users.
References
▼ | URL | Tags |
---|---|---|
https://checkmk.com/werk/16221 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Checkmk GmbH | Checkmk |
Version: 2.2.0 ≤ Version: 2.1.0 ≤ Version: 2.0.0 ≤ 2.0.0p39 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:21:17.614Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://checkmk.com/werk/16221" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Checkmk", "vendor": "Checkmk GmbH", "versions": [ { "lessThan": "2.2.0p15", "status": "affected", "version": "2.2.0", "versionType": "semver" }, { "lessThan": "2.1.0p37", "status": "affected", "version": "2.1.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.0p39", "status": "affected", "version": "2.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper neutralization of livestatus command delimiters in the availability timeline in Checkmk \u003c= 2.0.0p39, \u003c 2.1.0p37, and \u003c 2.2.0p15 allows arbitrary livestatus command execution for authorized users." } ], "impacts": [ { "capecId": "CAPEC-15", "descriptions": [ { "lang": "en", "value": "CAPEC-15: Command Delimiters" } ] } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.6, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-140", "description": "CWE-140: Improper Neutralization of Delimiters", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-22T16:24:15.515Z", "orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "shortName": "Checkmk" }, "references": [ { "url": "https://checkmk.com/werk/16221" } ], "title": "Livestatus injection in availability timeline" } }, "cveMetadata": { "assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "assignerShortName": "Checkmk", "cveId": "CVE-2023-6156", "datePublished": "2023-11-22T16:24:15.515Z", "dateReserved": "2023-11-15T16:38:31.845Z", "dateUpdated": "2024-08-02T08:21:17.614Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-8606
Vulnerability from cvelistv5
Published
2024-09-23 07:01
Modified
2024-09-23 15:33
Severity ?
EPSS score ?
Summary
Bypass of two factor authentication in RestAPI in Checkmk < 2.3.0p16 and < 2.2.0p34 allows authenticated users to bypass two factor authentication
References
▼ | URL | Tags |
---|---|---|
https://checkmk.com/werk/16218 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Checkmk GmbH | Checkmk |
Version: 2.3.0 ≤ Version: 2.2.0 ≤ |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:checkmk:checkmk:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "checkmk", "vendor": "checkmk", "versions": [ { "lessThan": "2.3.0p16", "status": "affected", "version": "2.3.0", "versionType": "semver" }, { "lessThan": "2.2.0p34", "status": "affected", "version": "2.2.0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-8606", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-23T15:32:23.848819Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-23T15:33:22.875Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Checkmk", "vendor": "Checkmk GmbH", "versions": [ { "lessThan": "2.3.0p16", "status": "affected", "version": "2.3.0", "versionType": "semver" }, { "lessThan": "2.2.0p34", "status": "affected", "version": "2.2.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "Bypass of two factor authentication in RestAPI in Checkmk \u003c 2.3.0p16 and \u003c 2.2.0p34 allows authenticated users to bypass two factor authentication" } ], "impacts": [ { "capecId": "CAPEC-115", "descriptions": [ { "lang": "en", "value": "CAPEC-115: Authentication Bypass" } ] } ], "metrics": [ { "cvssV4_0": { "baseScore": 9.2, "baseSeverity": "CRITICAL", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-863", "description": "CWE-863: Incorrect Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-23T07:01:04.769Z", "orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "shortName": "Checkmk" }, "references": [ { "url": "https://checkmk.com/werk/16218" } ], "title": "Fix 2FA bypass via RestAPI" } }, "cveMetadata": { "assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "assignerShortName": "Checkmk", "cveId": "CVE-2024-8606", "datePublished": "2024-09-23T07:01:04.769Z", "dateReserved": "2024-09-09T09:39:58.785Z", "dateUpdated": "2024-09-23T15:33:22.875Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-6157
Vulnerability from cvelistv5
Published
2023-11-22 16:24
Modified
2024-08-02 08:21
Severity ?
EPSS score ?
Summary
Improper neutralization of livestatus command delimiters in ajax_search in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15 allows arbitrary livestatus command execution for authorized users.
References
▼ | URL | Tags |
---|---|---|
https://checkmk.com/werk/16221 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Checkmk GmbH | Checkmk |
Version: 2.2.0 ≤ Version: 2.1.0 ≤ Version: 2.0.0 ≤ 2.0.0p39 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:21:17.625Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://checkmk.com/werk/16221" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Checkmk", "vendor": "Checkmk GmbH", "versions": [ { "lessThan": "2.2.0p15", "status": "affected", "version": "2.2.0", "versionType": "semver" }, { "lessThan": "2.1.0p37", "status": "affected", "version": "2.1.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.0p39", "status": "affected", "version": "2.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper neutralization of livestatus command delimiters in ajax_search in Checkmk \u003c= 2.0.0p39, \u003c 2.1.0p37, and \u003c 2.2.0p15 allows arbitrary livestatus command execution for authorized users." } ], "impacts": [ { "capecId": "CAPEC-15", "descriptions": [ { "lang": "en", "value": "CAPEC-15: Command Delimiters" } ] } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.6, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-140", "description": "CWE-140: Improper Neutralization of Delimiters", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-22T16:24:22.002Z", "orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "shortName": "Checkmk" }, "references": [ { "url": "https://checkmk.com/werk/16221" } ], "title": "Livestatus injection in ajax_search" } }, "cveMetadata": { "assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "assignerShortName": "Checkmk", "cveId": "CVE-2023-6157", "datePublished": "2023-11-22T16:24:22.002Z", "dateReserved": "2023-11-15T16:39:53.614Z", "dateUpdated": "2024-08-02T08:21:17.625Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-1742
Vulnerability from cvelistv5
Published
2024-03-22 10:26
Modified
2024-08-12 18:34
Severity ?
EPSS score ?
Summary
Invocation of the sqlplus command with sensitive information in the command line in the mk_oracle Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows the extraction of this information from the process list.
References
▼ | URL | Tags |
---|---|---|
https://checkmk.com/werk/16234 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Checkmk GmbH | Checkmk |
Version: 2.3.0 ≤ Version: 2.2.0 ≤ Version: 2.1.0 ≤ Version: 2.0.0 ≤ 2.0.0p39 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T18:48:21.919Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://checkmk.com/werk/16234" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:checkmk:checkmk:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "checkmk", "vendor": "checkmk", "versions": [ { "lessThan": "2.3.0b4", "status": "affected", "version": "2.3.0", "versionType": "semver" }, { "lessThan": "2.2.0p24", "status": "affected", "version": "2.2.0", "versionType": "semver" }, { "lessThan": "2.1.0p41", "status": "affected", "version": "2.1.0", "versionType": "semver" }, { "lessThan": "2.0.0p39", "status": "affected", "version": "2.0.0", "versionType": "semver" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-1742", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-03-28T19:12:10.406234Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-12T18:34:37.823Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Checkmk", "vendor": "Checkmk GmbH", "versions": [ { "lessThan": "2.3.0b4", "status": "affected", "version": "2.3.0", "versionType": "semver" }, { "lessThan": "2.2.0p24", "status": "affected", "version": "2.2.0", "versionType": "semver" }, { "lessThan": "2.1.0p41", "status": "affected", "version": "2.1.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.0p39", "status": "affected", "version": "2.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "Invocation of the sqlplus command with sensitive information in the command line in the mk_oracle Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows the extraction of this information from the process list." } ], "impacts": [ { "capecId": "CAPEC-150", "descriptions": [ { "lang": "en", "value": "CAPEC-150: Collect Data from Common Resource Locations" } ] } ], "metrics": [ { "cvssV3_1": { "baseScore": 3.8, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-214", "description": "CWE-214: Invocation of Process Using Visible Sensitive Information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-22T10:26:06.238Z", "orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "shortName": "Checkmk" }, "references": [ { "url": "https://checkmk.com/werk/16234" } ], "title": "Information disclosure in mk_oracle Checkmk agent plugin" } }, "cveMetadata": { "assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "assignerShortName": "Checkmk", "cveId": "CVE-2024-1742", "datePublished": "2024-03-22T10:26:06.238Z", "dateReserved": "2024-02-22T12:43:58.785Z", "dateUpdated": "2024-08-12T18:34:37.823Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-28827
Vulnerability from cvelistv5
Published
2024-07-10 12:41
Modified
2024-08-02 00:56
Severity ?
EPSS score ?
Summary
Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, and <= 2.0.0p39 (EOL) allows a local attacker to gain SYSTEM privileges.
References
▼ | URL | Tags |
---|---|---|
https://checkmk.com/werk/16845 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Checkmk GmbH | Checkmk |
Version: 2.3.0 ≤ Version: 2.2.0 ≤ Version: 2.1.0 ≤ Version: 2.0.0 ≤ 2.0.0p39 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:checkmk:checkmk:2.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "checkmk", "vendor": "checkmk", "versions": [ { "lessThanOrEqual": "2.0.0p39", "status": "affected", "version": "2.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:checkmk:checkmk:2.1.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "checkmk", "vendor": "checkmk", "versions": [ { "lessThan": "2.1.0p45", "status": "affected", "version": "2.1.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:checkmk:checkmk:2.2.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "checkmk", "vendor": "checkmk", "versions": [ { "lessThan": "2.2.0p29", "status": "affected", "version": "2.2.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:checkmk:checkmk:2.3.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "checkmk", "vendor": "checkmk", "versions": [ { "lessThan": "2.3.0p8", "status": "affected", "version": "2.3.0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-28827", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-07-10T13:10:28.297013Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-11T16:31:48.895Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:56:58.208Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://checkmk.com/werk/16845" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Checkmk", "vendor": "Checkmk GmbH", "versions": [ { "lessThan": "2.3.0p8", "status": "affected", "version": "2.3.0", "versionType": "semver" }, { "lessThan": "2.2.0p29", "status": "affected", "version": "2.2.0", "versionType": "semver" }, { "lessThan": "2.1.0p45", "status": "affected", "version": "2.1.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.0p39", "status": "affected", "version": "2.0.0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "value": "modzero GmbH" } ], "descriptions": [ { "lang": "en", "value": "Incorrect permissions on the Checkmk Windows Agent\u0027s data directory in Checkmk \u003c 2.3.0p8, \u003c 2.2.0p29, \u003c 2.1.0p45, and \u003c= 2.0.0p39 (EOL) allows a local attacker to gain SYSTEM privileges." } ], "impacts": [ { "capecId": "CAPEC-233", "descriptions": [ { "lang": "en", "value": "CAPEC-233: Privilege Escalation" } ] } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-732", "description": "CWE-732: Incorrect Permission Assignment for Critical Resource", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-10T12:41:04.948Z", "orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "shortName": "Checkmk" }, "references": [ { "url": "https://checkmk.com/werk/16845" } ], "title": "Privilege escalation in Windows agent" } }, "cveMetadata": { "assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "assignerShortName": "Checkmk", "cveId": "CVE-2024-28827", "datePublished": "2024-07-10T12:41:04.948Z", "dateReserved": "2024-03-11T13:21:43.122Z", "dateUpdated": "2024-08-02T00:56:58.208Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-0670
Vulnerability from cvelistv5
Published
2024-03-11 14:50
Modified
2024-08-12 18:36
Severity ?
EPSS score ?
Summary
Privilege escalation in windows agent plugin in Checkmk before 2.2.0p23, 2.1.0p40 and 2.0.0 (EOL) allows local user to escalate privileges
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Checkmk GmbH | Checkmk |
Version: 2.2.0 ≤ Version: 2.1.0 ≤ Version: 2.0.0 ≤ 2.0.0p39 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T18:11:35.672Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://checkmk.com/werk/16361" }, { "tags": [ "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2024/Mar/29" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:checkmk:checkmk:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "checkmk", "vendor": "checkmk", "versions": [ { "lessThan": "2.2.0p23", "status": "affected", "version": "2.2.0", "versionType": "semver" }, { "lessThan": "2.1.0p40", "status": "affected", "version": "2.1.0", "versionType": "semver" }, { "lessThan": "2.0.0p39", "status": "affected", "version": "2.0.0", "versionType": "semver" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-0670", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-03-12T18:21:01.803225Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-12T18:36:03.818Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Checkmk", "vendor": "Checkmk GmbH", "versions": [ { "lessThan": "2.2.0p23", "status": "affected", "version": "2.2.0", "versionType": "semver" }, { "lessThan": "2.1.0p40", "status": "affected", "version": "2.1.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.0p39", "status": "affected", "version": "2.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "Privilege escalation in windows agent plugin in Checkmk before 2.2.0p23, 2.1.0p40 and 2.0.0 (EOL) allows local user to escalate privileges" } ], "impacts": [ { "capecId": "CAPEC-233", "descriptions": [ { "lang": "en", "value": "CAPEC-233 Privilege Escalation" } ] } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-427", "description": "CWE-427 Uncontrolled Search Path Element", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-11T14:50:59.415Z", "orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "shortName": "Checkmk" }, "references": [ { "url": "https://checkmk.com/werk/16361" }, { "url": "http://seclists.org/fulldisclosure/2024/Mar/29" } ], "title": "Privilege escalation in windows agent" } }, "cveMetadata": { "assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "assignerShortName": "Checkmk", "cveId": "CVE-2024-0670", "datePublished": "2024-03-11T14:50:59.415Z", "dateReserved": "2024-01-18T09:51:30.688Z", "dateUpdated": "2024-08-12T18:36:03.818Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-28828
Vulnerability from cvelistv5
Published
2024-07-10 12:41
Modified
2024-08-02 00:56
Severity ?
EPSS score ?
Summary
Cross-Site request forgery in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, and <= 2.0.0p39 (EOL) could lead to 1-click compromize of the site.
References
▼ | URL | Tags |
---|---|---|
https://checkmk.com/werk/17090 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Checkmk GmbH | Checkmk |
Version: 2.3.0 ≤ Version: 2.2.0 ≤ Version: 2.1.0 ≤ Version: 2.0.0 ≤ 2.0.0p39 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:checkmk:checkmk:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "checkmk", "vendor": "checkmk", "versions": [ { "lessThan": "2.3.0p8", "status": "affected", "version": "2.3.0", "versionType": "semver" }, { "lessThan": "2.2.0p29", "status": "affected", "version": "2.2.0", "versionType": "semver" }, { "lessThan": "2.1.0p45", "status": "affected", "version": "2.1.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.0p39", "status": "affected", "version": "2.0.0", "versionType": "semver" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-28828", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-07-10T13:13:26.418829Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-10T20:17:11.996Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:56:58.057Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://checkmk.com/werk/17090" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Checkmk", "vendor": "Checkmk GmbH", "versions": [ { "lessThan": "2.3.0p8", "status": "affected", "version": "2.3.0", "versionType": "semver" }, { "lessThan": "2.2.0p29", "status": "affected", "version": "2.2.0", "versionType": "semver" }, { "lessThan": "2.1.0p45", "status": "affected", "version": "2.1.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.0p39", "status": "affected", "version": "2.0.0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "value": "PS Positive Security GmbH" } ], "descriptions": [ { "lang": "en", "value": "Cross-Site request forgery in Checkmk \u003c 2.3.0p8, \u003c 2.2.0p29, \u003c 2.1.0p45, and \u003c= 2.0.0p39 (EOL) could lead to 1-click compromize of the site." } ], "impacts": [ { "capecId": "CAPEC-62", "descriptions": [ { "lang": "en", "value": "CAPEC-62: Cross Site Request Forgery" } ] } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-352", "description": "CWE-352: Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-10T12:41:13.934Z", "orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "shortName": "Checkmk" }, "references": [ { "url": "https://checkmk.com/werk/17090" } ], "title": "1-Click compromize via CSRF" } }, "cveMetadata": { "assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "assignerShortName": "Checkmk", "cveId": "CVE-2024-28828", "datePublished": "2024-07-10T12:41:13.934Z", "dateReserved": "2024-03-11T13:21:43.122Z", "dateUpdated": "2024-08-02T00:56:58.057Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-28831
Vulnerability from cvelistv5
Published
2024-06-25 11:45
Modified
2024-08-02 00:56
Severity ?
EPSS score ?
Summary
Stored XSS in some confirmation pop-ups in Checkmk before versions 2.3.0p7 and 2.2.0p28 allows Checkmk users to execute arbitrary scripts by injecting HTML elements into some user input fields that are shown in a confirmation pop-up.
References
▼ | URL | Tags |
---|---|---|
https://checkmk.com/werk/17025 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Checkmk GmbH | Checkmk |
Version: 2.3.0 ≤ Version: 2.2.0 ≤ |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-28831", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-27T13:42:22.871863Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-28T15:15:14.287Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:56:58.164Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://checkmk.com/werk/17025" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Checkmk", "vendor": "Checkmk GmbH", "versions": [ { "lessThan": "2.3.0p7", "status": "affected", "version": "2.3.0", "versionType": "semver" }, { "lessThan": "2.2.0p28", "status": "affected", "version": "2.2.0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "value": "PS Positive Security GmbH" } ], "descriptions": [ { "lang": "en", "value": "Stored XSS in some confirmation pop-ups in Checkmk before versions 2.3.0p7 and 2.2.0p28 allows Checkmk users to execute arbitrary scripts by injecting HTML elements into some user input fields that are shown in a confirmation pop-up." } ], "impacts": [ { "capecId": "CAPEC-592", "descriptions": [ { "lang": "en", "value": "CAPEC-592: Stored XSS" } ] } ], "metrics": [ { "cvssV3_1": { "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-80", "description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-25T11:45:27.259Z", "orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "shortName": "Checkmk" }, "references": [ { "url": "https://checkmk.com/werk/17025" } ], "title": "XSS in confirmation pop-up" } }, "cveMetadata": { "assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "assignerShortName": "Checkmk", "cveId": "CVE-2024-28831", "datePublished": "2024-06-25T11:45:27.259Z", "dateReserved": "2024-03-11T13:21:43.122Z", "dateUpdated": "2024-08-02T00:56:58.164Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-28830
Vulnerability from cvelistv5
Published
2024-06-26 07:56
Modified
2024-08-02 00:56
Severity ?
EPSS score ?
Summary
Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p7, <2.2.0p28, <2.1.0p45 and <=2.0.0p39 (EOL) causes automation user secrets to be written to audit log files accessible to administrators.
References
▼ | URL | Tags |
---|---|---|
https://checkmk.com/werk/17056 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Checkmk GmbH | Checkmk |
Version: 2.3.0 ≤ Version: 2.2.0 ≤ Version: 2.1.0 ≤ Version: 2.0.0 ≤ 2.0.0p39 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-28830", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-26T14:02:28.117222Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-26T14:02:43.497Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:56:58.058Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://checkmk.com/werk/17056" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Checkmk", "vendor": "Checkmk GmbH", "versions": [ { "lessThan": "2.3.0p7", "status": "affected", "version": "2.3.0", "versionType": "semver" }, { "lessThan": "2.2.0p28", "status": "affected", "version": "2.2.0", "versionType": "semver" }, { "lessThan": "2.1.0p45", "status": "affected", "version": "2.1.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.0p39", "status": "affected", "version": "2.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "Insertion of Sensitive Information into Log File in Checkmk GmbH\u0027s Checkmk versions \u003c2.3.0p7, \u003c2.2.0p28, \u003c2.1.0p45 and \u003c=2.0.0p39 (EOL) causes automation user secrets to be written to audit log files accessible to administrators." } ], "impacts": [ { "capecId": "CAPEC-560", "descriptions": [ { "lang": "en", "value": "CAPEC-560: Use of Known Domain Credentials" } ] } ], "metrics": [ { "cvssV3_1": { "baseScore": 2.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-532", "description": "CWE-532: Insertion of Sensitive Information into Log File", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-26T07:56:57.020Z", "orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "shortName": "Checkmk" }, "references": [ { "url": "https://checkmk.com/werk/17056" } ], "title": "Automation user secrets written to audit log" } }, "cveMetadata": { "assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "assignerShortName": "Checkmk", "cveId": "CVE-2024-28830", "datePublished": "2024-06-26T07:56:57.020Z", "dateReserved": "2024-03-11T13:21:43.122Z", "dateUpdated": "2024-08-02T00:56:58.058Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-6747
Vulnerability from cvelistv5
Published
2024-10-10 07:43
Modified
2024-10-10 13:44
Severity ?
EPSS score ?
Summary
Information leakage in mknotifyd in Checkmk before 2.3.0p18, 2.2.0p36, 2.1.0p49 and in 2.0.0p39 (EOL) allows attacker to get potentially sensitive data
References
▼ | URL | Tags |
---|---|---|
https://checkmk.com/werk/17145 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Checkmk GmbH | Checkmk |
Version: 2.3.0 ≤ Version: 2.2.0 ≤ Version: 2.1.0 ≤ Version: 2.0.0 ≤ 2.0.0p39 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:checkmk:checkmk:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "checkmk", "vendor": "checkmk", "versions": [ { "lessThan": "2.3.0p18", "status": "affected", "version": "2.3.0", "versionType": "semver" }, { "lessThan": "2.2.0p36", "status": "affected", "version": "2.2.0", "versionType": "semver" }, { "lessThan": "2.1.0p49", "status": "affected", "version": "2.1.0", "versionType": "semver" }, { "lessThan": "2.0.0p39", "status": "affected", "version": "2.0.0", "versionType": "semver" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-6747", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-10T13:39:42.762205Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-10T13:44:21.470Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Checkmk", "vendor": "Checkmk GmbH", "versions": [ { "lessThan": "2.3.0p18", "status": "affected", "version": "2.3.0", "versionType": "semver" }, { "lessThan": "2.2.0p36", "status": "affected", "version": "2.2.0", "versionType": "semver" }, { "lessThan": "2.1.0p49", "status": "affected", "version": "2.1.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.0p39", "status": "affected", "version": "2.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "Information leakage in mknotifyd in Checkmk before 2.3.0p18, 2.2.0p36, 2.1.0p49 and in 2.0.0p39 (EOL) allows attacker to get potentially sensitive data" } ], "impacts": [ { "capecId": "CAPEC-277", "descriptions": [ { "lang": "en", "value": "CAPEC-277: Data Interchange Protocol Manipulation" } ] } ], "metrics": [ { "cvssV3_1": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-201", "description": "CWE-201: Insertion of Sensitive Information Into Sent Data", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-10T07:43:48.050Z", "orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "shortName": "Checkmk" }, "references": [ { "url": "https://checkmk.com/werk/17145" } ], "title": "Information leak in mknotifyd" } }, "cveMetadata": { "assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "assignerShortName": "Checkmk", "cveId": "CVE-2024-6747", "datePublished": "2024-10-10T07:43:48.050Z", "dateReserved": "2024-07-15T11:36:34.147Z", "dateUpdated": "2024-10-10T13:44:21.470Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-38862
Vulnerability from cvelistv5
Published
2024-10-14 07:19
Modified
2024-10-14 15:34
Severity ?
EPSS score ?
Summary
Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p18, <2.2.0p35, <2.1.0p48 and <=2.0.0p39 (EOL) causes SNMP and IMPI secrets of host and folder properties to be written to audit log files accessible to administrators.
References
▼ | URL | Tags |
---|---|---|
https://checkmk.com/werk/17095 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Checkmk GmbH | Checkmk |
Version: 2.0.0 ≤ 2.0.0p39 Version: 2.1.0 ≤ Version: 2.2.0 ≤ Version: 2.3.0 ≤ |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-38862", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-14T15:34:27.471941Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-14T15:34:37.344Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Checkmk", "vendor": "Checkmk GmbH", "versions": [ { "lessThanOrEqual": "2.0.0p39", "status": "affected", "version": "2.0.0", "versionType": "semver" }, { "lessThan": "2.1.0p48", "status": "affected", "version": "2.1.0", "versionType": "semver" }, { "lessThan": "2.2.0p35", "status": "affected", "version": "2.2.0", "versionType": "semver" }, { "lessThan": "2.3.0p18", "status": "affected", "version": "2.3.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "Insertion of Sensitive Information into Log File in Checkmk GmbH\u0027s Checkmk versions \u003c2.3.0p18, \u003c2.2.0p35, \u003c2.1.0p48 and \u003c=2.0.0p39 (EOL) causes SNMP and IMPI secrets of host and folder properties to be written to audit log files accessible to administrators." } ], "impacts": [ { "capecId": "CAPEC-560", "descriptions": [ { "lang": "en", "value": "CAPEC-560: Use of Known Domain Credentials" } ] } ], "metrics": [ { "cvssV4_0": { "baseScore": 5.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-532", "description": "CWE-532: Insertion of Sensitive Information into Log File", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-14T07:19:01.674Z", "orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "shortName": "Checkmk" }, "references": [ { "url": "https://checkmk.com/werk/17095" } ], "title": "SNMP and IMPI secrets written to audit log" } }, "cveMetadata": { "assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "assignerShortName": "Checkmk", "cveId": "CVE-2024-38862", "datePublished": "2024-10-14T07:19:01.674Z", "dateReserved": "2024-06-20T10:03:09.178Z", "dateUpdated": "2024-10-14T15:34:37.344Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-38860
Vulnerability from cvelistv5
Published
2024-09-17 14:01
Modified
2024-09-17 17:16
Severity ?
EPSS score ?
Summary
Improper neutralization of input in Checkmk before versions 2.3.0p16 and 2.2.0p34 allows attackers to craft malicious links that can facilitate phishing attacks.
References
▼ | URL | Tags |
---|---|---|
https://checkmk.com/werk/17094 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Checkmk GmbH | Checkmk |
Version: 2.2.0 ≤ Version: 2.3.0 ≤ |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-38860", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-17T17:15:39.573190Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-17T17:16:28.885Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Checkmk", "vendor": "Checkmk GmbH", "versions": [ { "lessThan": "2.2.0p34", "status": "affected", "version": "2.2.0", "versionType": "semver" }, { "lessThan": "2.3.0p16", "status": "affected", "version": "2.3.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper neutralization of input in Checkmk before versions 2.3.0p16 and 2.2.0p34 allows attackers to craft malicious links that can facilitate phishing attacks." } ], "impacts": [ { "capecId": "CAPEC-591", "descriptions": [ { "lang": "en", "value": "CAPEC-591: Reflected XSS" } ] } ], "metrics": [ { "cvssV4_0": { "baseScore": 5.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-17T14:01:09.555Z", "orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "shortName": "Checkmk" }, "references": [ { "url": "https://checkmk.com/werk/17094" } ], "title": "Reflected links in error message facilitate phishing attacks" } }, "cveMetadata": { "assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "assignerShortName": "Checkmk", "cveId": "CVE-2024-38860", "datePublished": "2024-09-17T14:01:09.555Z", "dateReserved": "2024-06-20T10:03:09.178Z", "dateUpdated": "2024-09-17T17:16:28.885Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-0638
Vulnerability from cvelistv5
Published
2024-03-22 10:25
Modified
2024-08-02 14:54
Severity ?
EPSS score ?
Summary
Least privilege violation in the Checkmk agent plugins mk_oracle, mk_oracle.ps1, and mk_oracle_crs before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows local users to escalate privileges.
References
▼ | URL | Tags |
---|---|---|
https://checkmk.com/werk/16232 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Checkmk GmbH | Checkmk |
Version: 2.3.0 ≤ Version: 2.2.0 ≤ Version: 2.1.0 ≤ Version: 2.0.0 ≤ 2.0.0p39 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T18:11:35.679Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://checkmk.com/werk/16232" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:checkmk:checkmk:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "checkmk", "vendor": "checkmk", "versions": [ { "lessThan": "2.3.0b4", "status": "affected", "version": "2.3.0", "versionType": "semver" }, { "lessThan": "2.2.0p24", "status": "affected", "version": "2.2.0", "versionType": "semver" }, { "lessThan": "2.1.0p41", "status": "affected", "version": "2.1.0", "versionType": "semver" }, { "lessThan": "2.0.0p39", "status": "affected", "version": "2.0.0", "versionType": "semver" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-0638", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-02T14:50:20.039040Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-02T14:54:20.182Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Checkmk", "vendor": "Checkmk GmbH", "versions": [ { "lessThan": "2.3.0b4", "status": "affected", "version": "2.3.0", "versionType": "semver" }, { "lessThan": "2.2.0p24", "status": "affected", "version": "2.2.0", "versionType": "semver" }, { "lessThan": "2.1.0p41", "status": "affected", "version": "2.1.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.0p39", "status": "affected", "version": "2.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "Least privilege violation in the Checkmk agent plugins mk_oracle, mk_oracle.ps1, and mk_oracle_crs before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows local users to escalate privileges." } ], "impacts": [ { "capecId": "CAPEC-233", "descriptions": [ { "lang": "en", "value": "CAPEC-233 Privilege Escalation" } ] } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-272", "description": "CWE-272: Least Privilege Violation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-22T10:25:35.675Z", "orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "shortName": "Checkmk" }, "references": [ { "url": "https://checkmk.com/werk/16232" } ], "title": "Privilege escalation in mk_oracle plugins" } }, "cveMetadata": { "assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "assignerShortName": "Checkmk", "cveId": "CVE-2024-0638", "datePublished": "2024-03-22T10:25:35.675Z", "dateReserved": "2024-01-17T09:09:03.629Z", "dateUpdated": "2024-08-02T14:54:20.182Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-5741
Vulnerability from cvelistv5
Published
2024-06-17 11:16
Modified
2024-08-01 21:18
Severity ?
EPSS score ?
Summary
Stored XSS in inventory tree rendering in Checkmk before 2.3.0p7, 2.2.0p28, 2.1.0p45 and 2.0.0 (EOL)
References
▼ | URL | Tags |
---|---|---|
https://checkmk.com/werk/17009 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Checkmk GmbH | Checkmk |
Version: 2.3.0 ≤ Version: 2.2.0 ≤ Version: 2.1.0 ≤ |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-5741", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-11T17:25:16.096272Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-12T15:59:54.395Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T21:18:07.062Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://checkmk.com/werk/17009" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Checkmk", "vendor": "Checkmk GmbH", "versions": [ { "lessThan": "2.3.0p7", "status": "affected", "version": "2.3.0", "versionType": "semver" }, { "lessThan": "2.2.0p28", "status": "affected", "version": "2.2.0", "versionType": "semver" }, { "lessThan": "2.1.0p45", "status": "affected", "version": "2.1.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "Stored XSS in inventory tree rendering in Checkmk before 2.3.0p7, 2.2.0p28, 2.1.0p45 and 2.0.0 (EOL)" } ], "impacts": [ { "capecId": "CAPEC-592", "descriptions": [ { "lang": "en", "value": "CAPEC-592: Stored XSS" } ] } ], "metrics": [ { "cvssV3_1": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-80", "description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-17T11:16:59.771Z", "orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "shortName": "Checkmk" }, "references": [ { "url": "https://checkmk.com/werk/17009" } ], "title": "XSS in inventory view" } }, "cveMetadata": { "assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "assignerShortName": "Checkmk", "cveId": "CVE-2024-5741", "datePublished": "2024-06-17T11:16:59.771Z", "dateReserved": "2024-06-07T11:12:12.752Z", "dateUpdated": "2024-08-01T21:18:07.062Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-6052
Vulnerability from cvelistv5
Published
2024-07-03 14:30
Modified
2024-09-16 13:57
Severity ?
EPSS score ?
Summary
Stored XSS in Checkmk before versions 2.3.0p8, 2.2.0p29, 2.1.0p45, and 2.0.0 (EOL) allows users to execute arbitrary scripts by injecting HTML elements
References
▼ | URL | Tags |
---|---|---|
https://checkmk.com/werk/17010 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Checkmk GmbH | Checkmk |
Version: 2.3.0 ≤ Version: 2.2.0 ≤ Version: 2.1.0 ≤ Version: 2.0.0 ≤ 2.0.0p39 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-6052", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-03T19:09:47.519408Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-05T12:41:16.600Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T21:25:03.253Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://checkmk.com/werk/17010" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Checkmk", "vendor": "Checkmk GmbH", "versions": [ { "lessThan": "2.3.0p8", "status": "affected", "version": "2.3.0", "versionType": "semver" }, { "lessThan": "2.2.0p29", "status": "affected", "version": "2.2.0", "versionType": "semver" }, { "lessThan": "2.1.0p45", "status": "affected", "version": "2.1.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.0p39", "status": "affected", "version": "2.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "Stored XSS in Checkmk before versions 2.3.0p8, 2.2.0p29, 2.1.0p45, and 2.0.0 (EOL) allows users to execute arbitrary scripts by injecting HTML elements" } ], "impacts": [ { "capecId": "CAPEC-592", "descriptions": [ { "lang": "en", "value": "CAPEC-592: Stored XSS" } ] } ], "metrics": [ { "cvssV3_1": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-80", "description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-16T13:57:30.913Z", "orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "shortName": "Checkmk" }, "references": [ { "url": "https://checkmk.com/werk/17010" } ], "title": "XSS in SQL check parameters" } }, "cveMetadata": { "assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "assignerShortName": "Checkmk", "cveId": "CVE-2024-6052", "datePublished": "2024-07-03T14:30:31.332Z", "dateReserved": "2024-06-17T10:10:12.212Z", "dateUpdated": "2024-09-16T13:57:30.913Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-6163
Vulnerability from cvelistv5
Published
2024-07-08 13:01
Modified
2024-08-02 14:54
Severity ?
EPSS score ?
Summary
Certain http endpoints of Checkmk in Checkmk < 2.3.0p10 < 2.2.0p31, < 2.1.0p46, <= 2.0.0p39 allows remote attacker to bypass authentication and access data
References
▼ | URL | Tags |
---|---|---|
https://checkmk.com/werk/17011 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Checkmk GmbH | Checkmk |
Version: 2.3.0 ≤ Version: 2.2.0 ≤ Version: 2.1.0 ≤ Version: 2.0.0 ≤ 2.0.0p39 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T21:33:05.146Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://checkmk.com/werk/17011" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:checkmk:checkmk:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "checkmk", "vendor": "checkmk", "versions": [ { "lessThan": "2.3.0p10", "status": "affected", "version": "2.3.0", "versionType": "semver" }, { "lessThan": "2.2.0p31", "status": "affected", "version": "2.2.0", "versionType": "semver" }, { "lessThan": "2.1.0p46", "status": "affected", "version": "2.1.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.0p39", "status": "affected", "version": "2.0.0", "versionType": "semver" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-6163", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-08T13:28:14.763028Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-290", "description": "CWE-290 Authentication Bypass by Spoofing", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-02T14:54:45.554Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Checkmk", "vendor": "Checkmk GmbH", "versions": [ { "lessThan": "2.3.0p10", "status": "affected", "version": "2.3.0", "versionType": "semver" }, { "lessThan": "2.2.0p31", "status": "affected", "version": "2.2.0", "versionType": "semver" }, { "lessThan": "2.1.0p46", "status": "affected", "version": "2.1.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.0p39", "status": "affected", "version": "2.0.0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "value": "PS Positive Security GmbH" } ], "descriptions": [ { "lang": "en", "value": "Certain http endpoints of Checkmk in Checkmk \u003c 2.3.0p10 \u003c 2.2.0p31, \u003c 2.1.0p46, \u003c= 2.0.0p39 allows remote attacker to bypass authentication and access data" } ], "impacts": [ { "capecId": "CAPEC-22", "descriptions": [ { "lang": "en", "value": "CAPEC-22: Exploiting Trust in Client" } ] } ], "metrics": [ { "cvssV3_1": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-290", "description": "CWE-290: Authentication Bypass by Spoofing", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-08T13:01:38.306Z", "orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "shortName": "Checkmk" }, "references": [ { "url": "https://checkmk.com/werk/17011" } ], "title": "local IP restriction of internal HTTP endpoints" } }, "cveMetadata": { "assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "assignerShortName": "Checkmk", "cveId": "CVE-2024-6163", "datePublished": "2024-07-08T13:01:38.306Z", "dateReserved": "2024-06-19T14:29:48.101Z", "dateUpdated": "2024-08-02T14:54:45.554Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-28824
Vulnerability from cvelistv5
Published
2024-03-22 10:26
Modified
2024-08-02 00:56
Severity ?
EPSS score ?
Summary
Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows local users to escalate privileges.
References
▼ | URL | Tags |
---|---|---|
https://checkmk.com/werk/16198 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Checkmk GmbH | Checkmk |
Version: 2.3.0 ≤ Version: 2.2.0 ≤ Version: 2.1.0 ≤ Version: 2.0.0 ≤ 2.0.0p39 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:tribe29:checkmk:2.1.0:-:*:*:*:*:*:*", "cpe:2.3:a:tribe29:checkmk:2.2.0:-:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "checkmk", "vendor": "tribe29", "versions": [ { "lessThan": "2.1.0p41", "status": "affected", "version": "2.1.0", "versionType": "custom" }, { "lessThan": "2.2.0p24", "status": "affected", "version": "2.2.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:tribe29:checkmk:2.3.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "checkmk", "vendor": "tribe29", "versions": [ { "lessThan": "2.3.0b4", "status": "affected", "version": "2.3.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:tribe29:checkmk:2.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "checkmk", "vendor": "tribe29", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "2.0.0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-28824", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-03-22T14:58:33.907195Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-19T22:58:54.397Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:56:58.156Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://checkmk.com/werk/16198" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Checkmk", "vendor": "Checkmk GmbH", "versions": [ { "lessThan": "2.3.0b4", "status": "affected", "version": "2.3.0", "versionType": "semver" }, { "lessThan": "2.2.0p24", "status": "affected", "version": "2.2.0", "versionType": "semver" }, { "lessThan": "2.1.0p41", "status": "affected", "version": "2.1.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.0p39", "status": "affected", "version": "2.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows local users to escalate privileges." } ], "impacts": [ { "capecId": "CAPEC-233", "descriptions": [ { "lang": "en", "value": "CAPEC-233 Privilege Escalation" } ] } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-272", "description": "CWE-272: Least Privilege Violation", "lang": "en", "type": "CWE" }, { "cweId": "CWE-807", "description": "CWE-807: Reliance on Untrusted Inputs in a Security Decision", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-22T10:26:35.280Z", "orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "shortName": "Checkmk" }, "references": [ { "url": "https://checkmk.com/werk/16198" } ], "title": "Privilege escalation in mk_informix plugin" } }, "cveMetadata": { "assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "assignerShortName": "Checkmk", "cveId": "CVE-2024-28824", "datePublished": "2024-03-22T10:26:35.280Z", "dateReserved": "2024-03-11T13:21:43.122Z", "dateUpdated": "2024-08-02T00:56:58.156Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-28833
Vulnerability from cvelistv5
Published
2024-06-10 11:55
Modified
2024-08-02 00:56
Severity ?
EPSS score ?
Summary
Improper restriction of excessive authentication attempts with two factor authentication methods in Checkmk 2.3 before 2.3.0p6 facilitates brute-forcing of second factor mechanisms.
References
▼ | URL | Tags |
---|---|---|
https://checkmk.com/werk/16830 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Checkmk GmbH | Checkmk |
Version: 2.3.0 ≤ |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:checkmk:checkmk:2.3.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "checkmk", "vendor": "checkmk", "versions": [ { "lessThan": "2.3.0p6", "status": "affected", "version": "2.3.0", "versionType": "semver" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-28833", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-10T18:04:29.500256Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-19T22:52:07.799Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:56:58.393Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://checkmk.com/werk/16830" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Checkmk", "vendor": "Checkmk GmbH", "versions": [ { "lessThan": "2.3.0p6", "status": "affected", "version": "2.3.0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "value": "PS Positive Security GmbH" } ], "descriptions": [ { "lang": "en", "value": "Improper restriction of excessive authentication attempts with two factor authentication methods in Checkmk 2.3 before 2.3.0p6 facilitates brute-forcing of second factor mechanisms." } ], "impacts": [ { "capecId": "CAPEC-112", "descriptions": [ { "lang": "en", "value": "CAPEC-112: Brute Force" } ] } ], "metrics": [ { "cvssV3_1": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-307", "description": "CWE-307: Improper Restriction of Excessive Authentication Attempts", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-19T08:12:15.306Z", "orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "shortName": "Checkmk" }, "references": [ { "url": "https://checkmk.com/werk/16830" } ], "title": "Missing brute-force protection for two factor authentication" } }, "cveMetadata": { "assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "assignerShortName": "Checkmk", "cveId": "CVE-2024-28833", "datePublished": "2024-06-10T11:55:50.571Z", "dateReserved": "2024-03-11T13:21:43.122Z", "dateUpdated": "2024-08-02T00:56:58.393Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }