MidnightBSD

Advisories for checkmk

CVE-2017-14955 MEDIUM

Check_MK before 1.2.8p26 mishandles certain errors within the failed-login save feature because of a race condition, which allows remote attackers to obtain sensitive user information by reading a GUI crash report.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-362,

Products Affected

Vendor Product Version
checkmk checkmk 1.2.5
checkmk checkmk 1.2.7
checkmk checkmk 1.2.3
checkmk checkmk 1.2.6
checkmk checkmk 1.2.4
checkmk checkmk 1.2.8
CVE-2020-24908 HIGH

Checkmk before 1.6.0p17 allows local users to obtain SYSTEM privileges via a Trojan horse shell script in the %PROGRAMDATA%\checkmk\agent\local directory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
checkmk checkmk 1.6.0
checkmk checkmk *
CVE-2020-28919 LOW

A stored cross site scripting (XSS) vulnerability in Checkmk 1.6.0x prior to 1.6.0p19 allows an authenticated remote attacker to inject arbitrary JavaScript via a javascript: URL in a view title.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
checkmk checkmk 1.6.0
CVE-2021-36563 LOW

The CheckMK management web console (versions 1.5.0 to 2.0.0) does not sanitise user input in various parameters of the WATO module. This allows an attacker to open a backdoor on the device with HTML content and interpreted by the browser (such as JavaScript or other client-side scripts), the XSS payload will be triggered when the user accesses some specific sections of the application. In the same sense a very dangerous potential way would be when an attacker who has the monitor role (not administrator) manages to get a stored XSS to steal the secretAutomation (for the use of the API in administrator mode) and thus be able to create another administrator user who has high privileges on the CheckMK monitoring web console. Another way is that persistent XSS allows an attacker to modify the displayed content or change the victim's information. Successful exploitation requires access to the web management interface, either with valid credentials or with a hijacked session.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
checkmk checkmk *
CVE-2021-40904 MEDIUM

The web management console of CheckMK Raw Edition (versions 1.5.0 to 1.6.0) allows a misconfiguration of the web-app Dokuwiki (installed by default), which allows embedded php code. As a result, remote code execution is achieved. Successful exploitation requires access to the web management interface, either with valid credentials or with a hijacked session by a user with the role of administrator.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-276,

Products Affected

Vendor Product Version
checkmk checkmk *
CVE-2021-40906 MEDIUM

CheckMK Raw Edition software (versions 1.5.0 to 1.6.0) does not sanitise the input of a web service parameter that is in an unauthenticated zone. This Reflected XSS allows an attacker to open a backdoor on the device with HTML content and interpreted by the browser (such as JavaScript or other client-side scripts) or to steal the session cookies of a user who has previously authenticated via a man in the middle. Successful exploitation requires access to the web service resource without authentication.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
checkmk checkmk 1.6.0
tribe29 checkmk 1.6.0b10
tribe29 checkmk 1.6.0p10
tribe29 checkmk 1.6.0b11
tribe29 checkmk 1.6.0p17
checkmk checkmk *
tribe29 checkmk 1.6.0p18
CVE-2022-24564 MEDIUM

Checkmk <=2.0.0p19 contains a Cross Site Scripting (XSS) vulnerability. While creating or editing a user attribute, the Help Text is subject to HTML injection, which can be triggered for editing a user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
checkmk checkmk 2.0.0
CVE-2022-24565 LOW

Checkmk <=2.0.0p19 Fixed in 2.0.0p20 and Checkmk <=1.6.0p27 Fixed in 1.6.0p28 are affected by a Cross Site Scripting (XSS) vulnerability. The Alias of a site was not properly escaped when shown as condition for notifications.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
checkmk checkmk 1.6.0
checkmk checkmk 2.0.0
CVE-2022-24566 LOW

In Checkmk <=2.0.0p19 fixed in 2.0.0p20 and Checkmk <=1.6.0p27 fixed in 1.6.0p28, the title of a Predefined condition is not properly escaped when shown as condition, which can result in Cross Site Scripting (XSS).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
checkmk checkmk 1.6.0
checkmk checkmk 2.0.0
CVE-2022-31258 HIGH

In Checkmk before 1.6.0p29, 2.x before 2.0.0p25, and 2.1.x before 2.1.0b10, a site user can escalate to root by editing an OMD hook symlink.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.5 6.0
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-59,

Products Affected

Vendor Product Version
checkmk checkmk 1.6.0
checkmk checkmk 2.0.0
tribe29 checkmk 1.6.0b10
tribe29 checkmk 1.6.0p10
tribe29 checkmk 1.6.0b11
tribe29 checkmk 1.6.0p17
checkmk checkmk 2.1.0
tribe29 checkmk 1.6.0p15
tribe29 checkmk 1.6.0p13
tribe29 checkmk 1.6.0p16
tribe29 checkmk 1.6.0p11
checkmk checkmk *
tribe29 checkmk 1.6.0p12
tribe29 checkmk 1.6.0p14
tribe29 checkmk 1.6.0p18
CVE-2022-33912 HIGH

A permission issue affects users that deployed the shipped version of the Checkmk Debian package. Packages created by the agent bakery (enterprise editions only) were not affected. Using the shipped version of the agents, the maintainer scripts located at /var/lib/dpkg/info/ will be owned by the user and the group with ID 1001. If such a user exists on the system, they can change the content of these files (which are then executed by root). This leads to a local privilege escalation on the monitored host. Version 1.6 through 1.6.9p29, version 2.0 through 2.0.0p26, version 2.1 through 2.1.0p3, and version 2.2.0i1 are affected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-276,

Products Affected

Vendor Product Version
checkmk checkmk 1.6.0
checkmk checkmk 2.0.0
tribe29 checkmk 1.6.0b10
tribe29 checkmk 1.6.0b11
checkmk checkmk 2.1.0
checkmk checkmk 2.2.0
CVE-2022-46302

Broad access controls could allow site users to directly interact with the system Apache installation when providing the reverse proxy configurations for Tribe29's Checkmk <= 2.1.0p6, Checkmk <= 2.0.0p27, and all versions of Checkmk 1.6.0 (EOL) allowing an attacker to perform remote code execution with root privileges on the underlying host.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@checkmk.com 8.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 2.0 6.0

Products Affected

Vendor Product Version
checkmk checkmk 1.6.0
checkmk checkmk 2.0.0
checkmk checkmk 2.1.0
CVE-2023-2020

Insufficient permission checks in the REST API in Tribe29 Checkmk <= 2.1.0p27 and <= 2.2.0b4 (beta) allow unauthorized users to schedule downtimes for any host.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@checkmk.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 2.8 1.4

Products Affected

Vendor Product Version
checkmk checkmk 2.1.0
checkmk checkmk 2.2.0
CVE-2023-22348

Improper Authorization in RestAPI in Checkmk GmbH's Checkmk versions <2.1.0p28 and <2.2.0b8 allows remote authenticated users to read arbitrary host_configs.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@checkmk.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
checkmk checkmk 2.1.0
tribe29 checkmk *
checkmk checkmk 2.2.0
CVE-2023-22359

User enumeration in Checkmk <=2.2.0p4 allows an authenticated attacker to enumerate usernames.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@checkmk.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
checkmk checkmk 2.2.0
CVE-2023-23548

Reflected XSS in business intelligence in Checkmk <2.2.0p8, <2.1.0p32, <2.0.0p38, <=1.6.0p30.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@checkmk.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N 2.8 2.5

Products Affected

Vendor Product Version
checkmk checkmk 2.0.0
checkmk checkmk *
checkmk checkmk 2.1.0
checkmk checkmk 2.2.0
CVE-2023-31207

Transmission of credentials within query parameters in Checkmk <= 2.1.0p26, <= 2.0.0p35, and <= 2.2.0b6 (beta) may cause the automation user's secret to be written to the site Apache access log.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@checkmk.com 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.8 3.6

Products Affected

Vendor Product Version
checkmk checkmk 2.0.0
checkmk checkmk 2.1.0
checkmk checkmk 2.2.0
CVE-2023-31208

Improper neutralization of livestatus command delimiters in the RestAPI in Checkmk < 2.0.0p36, < 2.1.0p28, and < 2.2.0b8 (beta) allows arbitrary livestatus command execution for authorized users.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@checkmk.com 8.3 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H 2.8 5.5

Products Affected

Vendor Product Version
checkmk checkmk 2.0.0
checkmk checkmk 2.1.0
tribe29 checkmk *
checkmk checkmk 2.2.0
CVE-2023-31209

Improper neutralization of active check command arguments in Checkmk < 2.1.0p32, < 2.0.0p38, < 2.2.0p4 leads to arbitrary command execution for authenticated users.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
security@checkmk.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
checkmk checkmk 2.0.0
checkmk checkmk 2.1.0
tribe29 checkmk *
checkmk checkmk 2.2.0
CVE-2024-0638

Least privilege violation in the Checkmk agent plugins mk_oracle, mk_oracle.ps1, and mk_oracle_crs before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows local users to escalate privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@checkmk.com 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.5 6.0

Products Affected

Vendor Product Version
checkmk checkmk *
checkmk checkmk 2.1.0
checkmk checkmk 2.2.0
checkmk checkmk 2.3.0
CVE-2024-0670

Privilege escalation in windows agent plugin in Checkmk before 2.2.0p23, 2.1.0p40 and 2.0.0 (EOL) allows local user to escalate privileges

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@checkmk.com 8.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 2.0 6.0

Products Affected

Vendor Product Version
checkmk checkmk *
checkmk checkmk 2.1.0
checkmk checkmk 2.2.0
CVE-2024-1742

Invocation of the sqlplus command with sensitive information in the command line in the mk_oracle Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows the extraction of this information from the process list.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@checkmk.com 3.8 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N 2.0 1.4

Products Affected

Vendor Product Version
checkmk checkmk *
checkmk checkmk 2.1.0
checkmk checkmk 2.2.0
checkmk checkmk 2.3.0
CVE-2024-2380

Stored XSS in graph rendering in Checkmk <2.3.0b4.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@checkmk.com 4.6 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N 2.1 2.5

Products Affected

Vendor Product Version
checkmk checkmk 2.3.0
CVE-2024-28824

Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows local users to escalate privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@checkmk.com 8.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 2.0 6.0

Products Affected

Vendor Product Version
checkmk checkmk *
checkmk checkmk 2.1.0
checkmk checkmk 2.2.0
checkmk checkmk 2.3.0
CVE-2024-28825

Improper restriction of excessive authentication attempts on some authentication methods in Checkmk before 2.3.0b5 (beta), 2.2.0p26, 2.1.0p43, and in Checkmk 2.0.0 (EOL) facilitates password brute-forcing.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@checkmk.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

Products Affected

Vendor Product Version
checkmk checkmk *
checkmk checkmk 2.1.0
checkmk checkmk 2.2.0
checkmk checkmk 2.3.0
CVE-2024-28826

Improper restriction of local upload and download paths in check_sftp in Checkmk before 2.3.0p4, 2.2.0p27, 2.1.0p44, and in Checkmk 2.0.0 (EOL) allows attackers with sufficient permissions to configure the check to read and write local files on the Checkmk site server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@checkmk.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
checkmk checkmk *
checkmk checkmk 2.1.0
checkmk checkmk 2.2.0
checkmk checkmk 2.3.0
CVE-2024-28827

Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, and <= 2.0.0p39 (EOL) allows a local attacker to gain SYSTEM privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@checkmk.com 8.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 2.0 6.0

Products Affected

Vendor Product Version
checkmk checkmk *
checkmk checkmk 2.1.0
checkmk checkmk 2.2.0
checkmk checkmk 2.3.0
CVE-2024-28828

Cross-Site request forgery in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, and <= 2.0.0p39 (EOL) could lead to 1-click compromize of the site.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@checkmk.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
checkmk checkmk 2.0.0
checkmk checkmk 2.1.0
checkmk checkmk 2.2.0
checkmk checkmk 2.3.0
CVE-2024-28829

Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2.3.0p12, 2.2.0p32, 2.1.0p47 and 2.0.0 (EOL) allows local users to escalate privileges.

Products Affected

Vendor Product Version
checkmk checkmk 2.0.0
checkmk checkmk 2.1.0
checkmk checkmk 2.2.0
checkmk checkmk 2.3.0
CVE-2024-28830

Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p7, <2.2.0p28, <2.1.0p45 and <=2.0.0p39 (EOL) causes automation user secrets to be written to audit log files accessible to administrators.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@checkmk.com 2.7 LOW CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N 1.2 1.4

Products Affected

Vendor Product Version
checkmk checkmk *
checkmk checkmk 2.1.0
checkmk checkmk 2.2.0
checkmk checkmk 2.3.0
CVE-2024-28831

Stored XSS in some confirmation pop-ups in Checkmk before versions 2.3.0p7 and 2.2.0p28 allows Checkmk users to execute arbitrary scripts by injecting HTML elements into some user input fields that are shown in a confirmation pop-up.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@checkmk.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

Products Affected

Vendor Product Version
checkmk checkmk *
checkmk checkmk 2.2.0
checkmk checkmk 2.3.0
CVE-2024-28832

Stored XSS in the Crash Report page in Checkmk before versions 2.3.0p7, 2.2.0p28, 2.1.0p45, and 2.0.0 (EOL) allows users with permission to change Global Settings to execute arbitrary scripts by injecting HTML elements into the Crash Report URL in the Global Settings.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@checkmk.com 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

Products Affected

Vendor Product Version
checkmk checkmk *
checkmk checkmk 2.1.0
checkmk checkmk 2.2.0
checkmk checkmk 2.3.0
CVE-2024-28833

Improper restriction of excessive authentication attempts with two factor authentication methods in Checkmk 2.3 before 2.3.0p6 facilitates brute-forcing of second factor mechanisms.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@checkmk.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

Products Affected

Vendor Product Version
checkmk checkmk 2.3.0
CVE-2024-3367

Argument injection in websphere_mq agent plugin in Checkmk 2.0.0, 2.1.0, <2.2.0p26 and <2.3.0b5 allows local attacker to inject one argument to runmqsc

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@checkmk.com 6.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N 2.0 4.0

Products Affected

Vendor Product Version
checkmk checkmk *
checkmk checkmk 2.1.0
checkmk checkmk 2.2.0
checkmk checkmk 2.3.0
CVE-2024-38857

Improper neutralization of input in Checkmk before versions 2.3.0p8, 2.2.0p28, 2.1.0p45, and 2.0.0 (EOL) allows attackers to craft malicious links that can facilitate phishing attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@checkmk.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N 2.8 1.4

Products Affected

Vendor Product Version
checkmk checkmk *
checkmk checkmk 2.1.0
checkmk checkmk 2.2.0
checkmk checkmk 2.3.0
CVE-2024-38859

XSS in the view page with the SLA column configured in Checkmk versions prior to 2.3.0p14, 2.2.0p33, 2.1.0p47 and 2.0.0 (EOL) allowed malicious users to execute arbitrary scripts by injecting HTML elements into the SLA column title. These scripts could be executed when the view page was cloned by other users.

Products Affected

Vendor Product Version
checkmk checkmk 2.0.0
checkmk checkmk 2.1.0
checkmk checkmk 2.2.0
checkmk checkmk 2.3.0
CVE-2024-38860

Improper neutralization of input in Checkmk before versions 2.3.0p16 and 2.2.0p34 allows attackers to craft malicious links that can facilitate phishing attacks.

Products Affected

Vendor Product Version
checkmk checkmk 2.2.0
checkmk checkmk 2.3.0
CVE-2024-38862

Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p18, <2.2.0p35, <2.1.0p48 and <=2.0.0p39 (EOL) causes SNMP and IMPI secrets of host and folder properties to be written to audit log files accessible to administrators.

Products Affected

Vendor Product Version
checkmk checkmk 2.0.0
checkmk checkmk 2.1.0
checkmk checkmk 2.2.0
checkmk checkmk 2.3.0
CVE-2024-38863

Exposure of CSRF tokens in query parameters on specific requests in Checkmk GmbH's Checkmk versions <2.3.0p18, <2.2.0p35 and <2.1.0p48 could lead to a leak of the token to facilitate targeted phishing attacks.

Products Affected

Vendor Product Version
checkmk checkmk 2.1.0
checkmk checkmk 2.2.0
checkmk checkmk 2.3.0
CVE-2024-38864

Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk < 2.3.0p23, < 2.2.0p38 and <= 2.1.0p49 (EOL) allows a local attacker to read sensitive data.

Products Affected

Vendor Product Version
checkmk checkmk *
checkmk checkmk 2.1.0
checkmk checkmk 2.2.0
checkmk checkmk 2.3.0
CVE-2024-38865

Improper neutralization of livestatus command delimiters in a specific endpoint within RestAPI of Checkmk prior to 2.2.0p39, 2.3.0p25, and 2.1.0p51 (EOL) allows arbitrary livestatus command execution. Exploitation requires the attacker to have a contact group assigned to their user account and for an event to originate from a host with the same contact group or from an event generated with an unknown host.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
checkmk checkmk *
checkmk checkmk 2.1.0
checkmk checkmk 2.2.0
checkmk checkmk 2.3.0
CVE-2024-47094

Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p22, <2.2.0p37, <2.1.0p50 (EOL) causes remote site secrets to be written to web log files accessible to local site users.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
checkmk checkmk 2.1.0
checkmk checkmk 2.2.0
checkmk checkmk 2.3.0
CVE-2024-5741

Stored XSS in inventory tree rendering in Checkmk before 2.3.0p7, 2.2.0p28, 2.1.0p45 and 2.0.0 (EOL)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@checkmk.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L 2.3 3.7

Products Affected

Vendor Product Version
checkmk checkmk *
checkmk checkmk 2.1.0
checkmk checkmk 2.2.0
checkmk checkmk 2.3.0
CVE-2024-6052

Stored XSS in Checkmk before versions 2.3.0p8, 2.2.0p29, 2.1.0p45, and 2.0.0 (EOL) allows users to execute arbitrary scripts by injecting HTML elements

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@checkmk.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L 2.3 3.7

Products Affected

Vendor Product Version
checkmk checkmk *
checkmk checkmk 2.1.0
checkmk checkmk 2.2.0
checkmk checkmk 2.3.0
CVE-2024-6163

Certain http endpoints of Checkmk in Checkmk < 2.3.0p10 < 2.2.0p31, < 2.1.0p46, <= 2.0.0p39 allows remote attacker to bypass authentication and access data

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@checkmk.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
checkmk checkmk *
checkmk checkmk 2.1.0
checkmk checkmk 2.2.0
checkmk checkmk 2.3.0
CVE-2024-6542

Improper neutralization of livestatus command delimiters in mknotifyd in Checkmk <= 2.0.0p39, < 2.1.0p47, < 2.2.0p32 and < 2.3.0p11 allows arbitrary livestatus command execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@checkmk.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L 3.9 2.5

Products Affected

Vendor Product Version
checkmk checkmk 2.0.0
checkmk checkmk 2.1.0
checkmk checkmk 2.2.0
checkmk checkmk 2.3.0
CVE-2024-6572

Improper host key checking in active check 'Check SFTP Service' and special agent 'VNX quotas and filesystem' in Checkmk before Checkmk 2.3.0p15, 2.2.0p33, 2.1.0p48 and 2.0.0 (EOL) allows man-in-the-middle attackers to intercept traffic

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 2.2 5.2

Products Affected

Vendor Product Version
checkmk checkmk 2.0.0
checkmk checkmk 2.1.0
checkmk checkmk 2.2.0
checkmk checkmk 2.3.0
CVE-2024-8606

Bypass of two factor authentication in RestAPI in Checkmk < 2.3.0p16 and < 2.2.0p34 allows authenticated users to bypass two factor authentication

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
checkmk checkmk 2.2.0
checkmk checkmk 2.3.0
CVE-2025-1075

Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p27, <2.2.0p40, and 2.1.0p51 (EOL) causes LDAP credentials to be written to Apache error log file accessible to administrators.

Products Affected

Vendor Product Version
checkmk checkmk *
checkmk checkmk 2.1.0
checkmk checkmk 2.2.0
checkmk checkmk 2.3.0
CVE-2025-1712

Argument injection in special agent configuration in Checkmk <2.4.0p1, <2.3.0p32, <2.2.0p42 and 2.1.0 allows authenticated attackers to write arbitrary files

Products Affected

Vendor Product Version
checkmk checkmk 2.4.0
checkmk checkmk *
checkmk checkmk 2.2.0
checkmk checkmk 2.3.0
CVE-2025-2092

Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p29, <2.2.0p41 and <=2.1.0p49 (EOL) causes remote site authentication secrets to be written to log files accessible to administrators.

Products Affected

Vendor Product Version
checkmk checkmk *
checkmk checkmk 2.1.0
checkmk checkmk 2.2.0
checkmk checkmk 2.3.0
CVE-2025-2596

Session logout could be overwritten in Checkmk GmbH's Checkmk versions <2.3.0p30, <2.2.0p41, and 2.1.0p49 (EOL)

Products Affected

Vendor Product Version
checkmk checkmk *
checkmk checkmk 2.1.0
checkmk checkmk 2.2.0
checkmk checkmk 2.3.0
CVE-2025-32915

Packages downloaded by Checkmk's automatic agent updates on Linux and Solaris have incorrect permissions in Checkmk < 2.4.0p1, < 2.3.0p32, < 2.2.0p42 and <= 2.1.0p49 (EOL). This allows a local attacker to read sensitive data.

Products Affected

Vendor Product Version
checkmk checkmk 2.4.0
checkmk checkmk 2.1.0
checkmk checkmk 2.2.0
checkmk checkmk 2.3.0
CVE-2025-32916

Potential use of sensitive information in GET requests in Checkmk GmbH's Checkmk versions <2.4.0p13, <2.3.0p38, <2.2.0p46, and 2.1.0 (EOL) may cause sensitive form data to be included in URL query parameters, which may be logged in various places such as browser history or web server logs.

Products Affected

Vendor Product Version
checkmk checkmk 2.4.0
checkmk checkmk *
checkmk checkmk 2.2.0
checkmk checkmk 2.3.0
CVE-2025-32917

Privilege escalation in jar_signature agent plugin in Checkmk versions <2.4.0b7 (beta), <2.3.0p32, <2.2.0p42, and 2.1.0p49 (EOL) allow user with write access to JAVA_HOME/bin directory to escalate privileges.

Products Affected

Vendor Product Version
checkmk checkmk 2.4.0
checkmk checkmk 2.1.0
checkmk checkmk 2.2.0
checkmk checkmk 2.3.0
CVE-2025-32918

Improper neutralization of Livestatus command delimiters in autocomplete endpoint within the RestAPI of Checkmk versions <2.4.0p6, <2.3.0p35, <2.2.0p44, and 2.1.0 (EOL) allows an authenticated user to inject arbitrary Livestatus commands.

Products Affected

Vendor Product Version
checkmk checkmk 2.4.0
checkmk checkmk 2.1.0
checkmk checkmk 2.2.0
checkmk checkmk 2.3.0
CVE-2025-32919

Use of an insecure temporary directory in the Windows License plugin for the Checkmk Windows Agent allows Privilege Escalation. This issue affects Checkmk: from 2.4.0 before 2.4.0p13, from 2.3.0 before 2.3.0p38, from 2.2.0 before 2.2.0p46, and all versions of 2.1.0 (EOL).

Products Affected

Vendor Product Version
checkmk checkmk 2.4.0
checkmk checkmk *
checkmk checkmk 2.2.0
checkmk checkmk 2.3.0
CVE-2025-3506

Files to be deployed with agents are accessible without authentication in Checkmk 2.1.0, Checkmk 2.2.0, Checkmk 2.3.0 and <Checkmk 2.4.0b6 allows attacker to access files that could contain secrets.

Products Affected

Vendor Product Version
checkmk checkmk 2.4.0
checkmk checkmk *
CVE-2025-39663

Cross-Site Scripting (XSS) vulnerability in Checkmk's distributed monitoring allows a compromised remote site to inject malicious HTML code into service outputs in the central site. Affecting Checkmk before 2.4.0p14, 2.3.0p39, 2.2.0 and 2.1.0 (eol).

Products Affected

Vendor Product Version
checkmk checkmk 2.4.0
checkmk checkmk *
checkmk checkmk 2.3.0
CVE-2025-39664

Insufficient escaping in the report scheduler within Checkmk <2.4.0p13, <2.3.0p38, <2.2.0p46 and 2.1.0 (EOL) allows authenticated attackers to define the storage location of report file pairs beyond their intended root directory.

Products Affected

Vendor Product Version
checkmk checkmk 2.4.0
checkmk checkmk *
checkmk checkmk 2.2.0
checkmk checkmk 2.3.0
CVE-2025-58121

Insufficient permission validation on multiple REST API endpoints in Checkmk 2.2.0, 2.3.0, and 2.4.0 before version 2.4.0p16 allows low-privileged users to perform unauthorized actions or obtain sensitive information

Products Affected

Vendor Product Version
checkmk checkmk 2.4.0
checkmk checkmk *
CVE-2025-58122

Insufficient permission validation in Checkmk 2.4.0 before version 2.4.0p16 allows low-privileged users to modify notification parameters via the REST API, which could lead to unauthorized actions or information disclosure.

Products Affected

Vendor Product Version
checkmk checkmk 2.4.0
CVE-2025-64996

In Checkmk versions prior to 2.4.0p16, 2.3.0p41, and all versions of 2.2.0 and older, the mk_inotify plugin creates world-readable and writable files, allowing any local user on the system to read the plugin's output and manipulate it, potentially leading to unauthorized access to or modification of monitoring data.

Products Affected

Vendor Product Version
checkmk checkmk 2.4.0
checkmk checkmk *
checkmk checkmk 2.3.0
CVE-2025-64997

Insufficient permission validation in Checkmk versions prior to 2.4.0p17 and 2.3.0p42 allow low-privileged users to view agent information via the REST API, which could lead to information disclosure.

Products Affected

Vendor Product Version
checkmk checkmk 2.4.0
checkmk checkmk 2.2.0
checkmk checkmk 2.3.0
CVE-2025-65000

SSH private keys of the "Remote alert handlers (Linux)" rule were exposed in the rule page's HTML source in Checkmk <= 2.4.0p18 and all versions of Checkmk 2.3.0. This potentially allowed unauthorized triggering of predefined alert handlers on hosts where the handler was deployed.

Products Affected

Vendor Product Version
checkmk checkmk 2.4.0
checkmk checkmk 2.2.0
checkmk checkmk 2.3.0
CVE-2026-24096

Insufficient permission validation on multiple REST API Quick Setup endpoints in Checkmk 2.5.0 (beta) before version 2.5.0b2 and 2.4.0 before version 2.4.0p25 allows low-privileged users to perform unauthorized actions or obtain sensitive information

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
checkmk checkmk 2.4.0
checkmk checkmk 2.5.0
CVE-2026-3103

A logic error in the remove_password() function in Checkmk GmbH's Checkmk versions <2.4.0p23, <2.3.0p43, and 2.2.0 (EOL) allows a low-privileged user to cause data loss.

Products Affected

Vendor Product Version
checkmk checkmk 2.4.0
checkmk checkmk 2.2.0
checkmk checkmk 2.3.0