Search CVE reports
1 – 10 of 109 results
Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p23, 2.3.0 before 2.3.0p43, and 2.2.0 (EOL) allows unauthenticated users to enumerate existing hosts by observing different HTTP response codes in deploy_agent...
1 affected package
check-mk
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| check-mk | Not in release | Not in release | — | Needs evaluation |
Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p23, 2.3.0 before 2.3.0p43, and 2.2.0 (EOL) allows authenticated users to enumerate existing hosts by observing different HTTP response codes...
1 affected package
check-mk
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| check-mk | Not in release | Not in release | — | Needs evaluation |
A logic error in the remove_password() function in Checkmk GmbH's Checkmk versions <2.4.0p23, <2.3.0p43, and 2.2.0 (EOL) allows a low-privileged user to cause data loss.
1 affected package
check-mk
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| check-mk | Not in release | Not in release | — | Needs evaluation |
Improper neutralization of input in Checkmk versions 2.4.0 before 2.4.0p22, and 2.3.0 before 2.3.0p43 allows an attacker that can manipulate a host's check output to inject malicious JavaScript into the Synthetic Monitoring HTML...
1 affected package
check-mk
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| check-mk | Not in release | Not in release | — | Needs evaluation |
Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p21, 2.3.0 before 2.3.0p43, and 2.2.0 (EOL) allows users with the "Use WATO" permission to access the "Analyze configuration" page by directly navigating to its...
1 affected package
check-mk
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| check-mk | Not in release | Not in release | — | Needs evaluation |
SSH private keys of the "Remote alert handlers (Linux)" rule were exposed in the rule page's HTML source in Checkmk <= 2.4.0p18 and all versions of Checkmk 2.3.0. This potentially allowed unauthorized triggering of predefined...
1 affected package
check-mk
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| check-mk | Not in release | Not in release | — | Needs evaluation |
Insufficient permission validation in Checkmk versions prior to 2.4.0p17 and 2.3.0p42 allow low-privileged users to view agent information via the REST API, which could lead to information disclosure.
1 affected package
check-mk
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| check-mk | Not in release | Not in release | — | Needs evaluation |
In Checkmk versions prior to 2.4.0p16, 2.3.0p41, and all versions of 2.2.0 and older, the mk_inotify plugin creates world-readable and writable files, allowing any local user on the system to read the plugin's output...
1 affected package
check-mk
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| check-mk | Not in release | Not in release | — | Needs evaluation |
Insufficient permission validation in Checkmk 2.4.0 before version 2.4.0p16 allows low-privileged users to modify notification parameters via the REST API, which could lead to unauthorized actions or information disclosure.
1 affected package
check-mk
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| check-mk | Not in release | Not in release | — | Needs evaluation |
Insufficient permission validation on multiple REST API endpoints in Checkmk 2.2.0, 2.3.0, and 2.4.0 before version 2.4.0p16 allows low-privileged users to perform unauthorized actions or obtain sensitive information
1 affected package
check-mk
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| check-mk | Not in release | Not in release | — | Needs evaluation |