Check_MK before 1.2.8p26 mishandles certain errors within the failed-login save feature because of a race condition, which allows remote attackers to obtain sensitive user information by reading a GUI crash report.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 2.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,CWE-362,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkmk | checkmk | 1.2.5 |
| checkmk | checkmk | 1.2.7 |
| checkmk | checkmk | 1.2.3 |
| checkmk | checkmk | 1.2.6 |
| checkmk | checkmk | 1.2.4 |
| checkmk | checkmk | 1.2.8 |
Checkmk before 1.6.0p17 allows local users to obtain SYSTEM privileges via a Trojan horse shell script in the %PROGRAMDATA%\checkmk\agent\local directory.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkmk | checkmk | 1.6.0 |
| checkmk | checkmk | * |
A stored cross site scripting (XSS) vulnerability in Checkmk 1.6.0x prior to 1.6.0p19 allows an authenticated remote attacker to inject arbitrary JavaScript via a javascript: URL in a view title.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 2.3 | 2.7 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkmk | checkmk | 1.6.0 |
The CheckMK management web console (versions 1.5.0 to 2.0.0) does not sanitise user input in various parameters of the WATO module. This allows an attacker to open a backdoor on the device with HTML content and interpreted by the browser (such as JavaScript or other client-side scripts), the XSS payload will be triggered when the user accesses some specific sections of the application. In the same sense a very dangerous potential way would be when an attacker who has the monitor role (not administrator) manages to get a stored XSS to steal the secretAutomation (for the use of the API in administrator mode) and thus be able to create another administrator user who has high privileges on the CheckMK monitoring web console. Another way is that persistent XSS allows an attacker to modify the displayed content or change the victim's information. Successful exploitation requires access to the web management interface, either with valid credentials or with a hijacked session.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 2.3 | 2.7 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkmk | checkmk | * |
The web management console of CheckMK Raw Edition (versions 1.5.0 to 1.6.0) allows a misconfiguration of the web-app Dokuwiki (installed by default), which allows embedded php code. As a result, remote code execution is achieved. Successful exploitation requires access to the web management interface, either with valid credentials or with a hijacked session by a user with the role of administrator.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-276,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkmk | checkmk | * |
CheckMK Raw Edition software (versions 1.5.0 to 1.6.0) does not sanitise the input of a web service parameter that is in an unauthenticated zone. This Reflected XSS allows an attacker to open a backdoor on the device with HTML content and interpreted by the browser (such as JavaScript or other client-side scripts) or to steal the session cookies of a user who has previously authenticated via a man in the middle. Successful exploitation requires access to the web service resource without authentication.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkmk | checkmk | 1.6.0 |
| tribe29 | checkmk | 1.6.0b10 |
| tribe29 | checkmk | 1.6.0p10 |
| tribe29 | checkmk | 1.6.0b11 |
| tribe29 | checkmk | 1.6.0p17 |
| checkmk | checkmk | * |
| tribe29 | checkmk | 1.6.0p18 |
Checkmk <=2.0.0p19 contains a Cross Site Scripting (XSS) vulnerability. While creating or editing a user attribute, the Help Text is subject to HTML injection, which can be triggered for editing a user.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkmk | checkmk | 2.0.0 |
Checkmk <=2.0.0p19 Fixed in 2.0.0p20 and Checkmk <=1.6.0p27 Fixed in 1.6.0p28 are affected by a Cross Site Scripting (XSS) vulnerability. The Alias of a site was not properly escaped when shown as condition for notifications.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 2.3 | 2.7 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkmk | checkmk | 1.6.0 |
| checkmk | checkmk | 2.0.0 |
In Checkmk <=2.0.0p19 fixed in 2.0.0p20 and Checkmk <=1.6.0p27 fixed in 1.6.0p28, the title of a Predefined condition is not properly escaped when shown as condition, which can result in Cross Site Scripting (XSS).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 2.3 | 2.7 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkmk | checkmk | 1.6.0 |
| checkmk | checkmk | 2.0.0 |
In Checkmk before 1.6.0p29, 2.x before 2.0.0p25, and 2.1.x before 2.1.0b10, a site user can escalate to root by editing an OMD hook symlink.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cve@mitre.org | 8.2 | HIGH | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H | 1.5 | 6.0 |
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-59,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkmk | checkmk | 1.6.0 |
| checkmk | checkmk | 2.0.0 |
| tribe29 | checkmk | 1.6.0b10 |
| tribe29 | checkmk | 1.6.0p10 |
| tribe29 | checkmk | 1.6.0b11 |
| tribe29 | checkmk | 1.6.0p17 |
| checkmk | checkmk | 2.1.0 |
| tribe29 | checkmk | 1.6.0p15 |
| tribe29 | checkmk | 1.6.0p13 |
| tribe29 | checkmk | 1.6.0p16 |
| tribe29 | checkmk | 1.6.0p11 |
| checkmk | checkmk | * |
| tribe29 | checkmk | 1.6.0p12 |
| tribe29 | checkmk | 1.6.0p14 |
| tribe29 | checkmk | 1.6.0p18 |
A permission issue affects users that deployed the shipped version of the Checkmk Debian package. Packages created by the agent bakery (enterprise editions only) were not affected. Using the shipped version of the agents, the maintainer scripts located at /var/lib/dpkg/info/ will be owned by the user and the group with ID 1001. If such a user exists on the system, they can change the content of these files (which are then executed by root). This leads to a local privilege escalation on the monitored host. Version 1.6 through 1.6.9p29, version 2.0 through 2.0.0p26, version 2.1 through 2.1.0p3, and version 2.2.0i1 are affected.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-276,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkmk | checkmk | 1.6.0 |
| checkmk | checkmk | 2.0.0 |
| tribe29 | checkmk | 1.6.0b10 |
| tribe29 | checkmk | 1.6.0b11 |
| checkmk | checkmk | 2.1.0 |
| checkmk | checkmk | 2.2.0 |
Broad access controls could allow site users to directly interact with the system Apache installation when providing the reverse proxy configurations for Tribe29's Checkmk <= 2.1.0p6, Checkmk <= 2.0.0p27, and all versions of Checkmk 1.6.0 (EOL) allowing an attacker to perform remote code execution with root privileges on the underlying host.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@checkmk.com | 8.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | 2.0 | 6.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkmk | checkmk | 1.6.0 |
| checkmk | checkmk | 2.0.0 |
| checkmk | checkmk | 2.1.0 |
Insufficient permission checks in the REST API in Tribe29 Checkmk <= 2.1.0p27 and <= 2.2.0b4 (beta) allow unauthorized users to schedule downtimes for any host.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@checkmk.com | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 2.8 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkmk | checkmk | 2.1.0 |
| checkmk | checkmk | 2.2.0 |
Improper Authorization in RestAPI in Checkmk GmbH's Checkmk versions <2.1.0p28 and <2.2.0b8 allows remote authenticated users to read arbitrary host_configs.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@checkmk.com | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkmk | checkmk | 2.1.0 |
| tribe29 | checkmk | * |
| checkmk | checkmk | 2.2.0 |
User enumeration in Checkmk <=2.2.0p4 allows an authenticated attacker to enumerate usernames.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@checkmk.com | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkmk | checkmk | 2.2.0 |
Reflected XSS in business intelligence in Checkmk <2.2.0p8, <2.1.0p32, <2.0.0p38, <=1.6.0p30.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@checkmk.com | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N | 2.8 | 2.5 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkmk | checkmk | 2.0.0 |
| checkmk | checkmk | * |
| checkmk | checkmk | 2.1.0 |
| checkmk | checkmk | 2.2.0 |
Transmission of credentials within query parameters in Checkmk <= 2.1.0p26, <= 2.0.0p35, and <= 2.2.0b6 (beta) may cause the automation user's secret to be written to the site Apache access log.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@checkmk.com | 4.4 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 0.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkmk | checkmk | 2.0.0 |
| checkmk | checkmk | 2.1.0 |
| checkmk | checkmk | 2.2.0 |
Improper neutralization of livestatus command delimiters in the RestAPI in Checkmk < 2.0.0p36, < 2.1.0p28, and < 2.2.0b8 (beta) allows arbitrary livestatus command execution for authorized users.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@checkmk.com | 8.3 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H | 2.8 | 5.5 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkmk | checkmk | 2.0.0 |
| checkmk | checkmk | 2.1.0 |
| tribe29 | checkmk | * |
| checkmk | checkmk | 2.2.0 |
Improper neutralization of active check command arguments in Checkmk < 2.1.0p32, < 2.0.0p38, < 2.2.0p4 leads to arbitrary command execution for authenticated users.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
| security@checkmk.com | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkmk | checkmk | 2.0.0 |
| checkmk | checkmk | 2.1.0 |
| tribe29 | checkmk | * |
| checkmk | checkmk | 2.2.0 |
Least privilege violation in the Checkmk agent plugins mk_oracle, mk_oracle.ps1, and mk_oracle_crs before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows local users to escalate privileges.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@checkmk.com | 8.2 | HIGH | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H | 1.5 | 6.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkmk | checkmk | * |
| checkmk | checkmk | 2.1.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.3.0 |
Privilege escalation in windows agent plugin in Checkmk before 2.2.0p23, 2.1.0p40 and 2.0.0 (EOL) allows local user to escalate privileges
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@checkmk.com | 8.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | 2.0 | 6.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkmk | checkmk | * |
| checkmk | checkmk | 2.1.0 |
| checkmk | checkmk | 2.2.0 |
Invocation of the sqlplus command with sensitive information in the command line in the mk_oracle Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows the extraction of this information from the process list.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@checkmk.com | 3.8 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N | 2.0 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkmk | checkmk | * |
| checkmk | checkmk | 2.1.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.3.0 |
Stored XSS in graph rendering in Checkmk <2.3.0b4.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@checkmk.com | 4.6 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N | 2.1 | 2.5 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkmk | checkmk | 2.3.0 |
Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows local users to escalate privileges.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@checkmk.com | 8.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | 2.0 | 6.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkmk | checkmk | * |
| checkmk | checkmk | 2.1.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.3.0 |
Improper restriction of excessive authentication attempts on some authentication methods in Checkmk before 2.3.0b5 (beta), 2.2.0p26, 2.1.0p43, and in Checkmk 2.0.0 (EOL) facilitates password brute-forcing.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@checkmk.com | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 2.2 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkmk | checkmk | * |
| checkmk | checkmk | 2.1.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.3.0 |
Improper restriction of local upload and download paths in check_sftp in Checkmk before 2.3.0p4, 2.2.0p27, 2.1.0p44, and in Checkmk 2.0.0 (EOL) allows attackers with sufficient permissions to configure the check to read and write local files on the Checkmk site server.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@checkmk.com | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkmk | checkmk | * |
| checkmk | checkmk | 2.1.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.3.0 |
Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, and <= 2.0.0p39 (EOL) allows a local attacker to gain SYSTEM privileges.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@checkmk.com | 8.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | 2.0 | 6.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkmk | checkmk | * |
| checkmk | checkmk | 2.1.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.3.0 |
Cross-Site request forgery in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, and <= 2.0.0p39 (EOL) could lead to 1-click compromize of the site.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@checkmk.com | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkmk | checkmk | 2.0.0 |
| checkmk | checkmk | 2.1.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.3.0 |
Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2.3.0p12, 2.2.0p32, 2.1.0p47 and 2.0.0 (EOL) allows local users to escalate privileges.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkmk | checkmk | 2.0.0 |
| checkmk | checkmk | 2.1.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.3.0 |
Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p7, <2.2.0p28, <2.1.0p45 and <=2.0.0p39 (EOL) causes automation user secrets to be written to audit log files accessible to administrators.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@checkmk.com | 2.7 | LOW | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N | 1.2 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkmk | checkmk | * |
| checkmk | checkmk | 2.1.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.3.0 |
Stored XSS in some confirmation pop-ups in Checkmk before versions 2.3.0p7 and 2.2.0p28 allows Checkmk users to execute arbitrary scripts by injecting HTML elements into some user input fields that are shown in a confirmation pop-up.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@checkmk.com | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 2.3 | 2.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkmk | checkmk | * |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.3.0 |
Stored XSS in the Crash Report page in Checkmk before versions 2.3.0p7, 2.2.0p28, 2.1.0p45, and 2.0.0 (EOL) allows users with permission to change Global Settings to execute arbitrary scripts by injecting HTML elements into the Crash Report URL in the Global Settings.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@checkmk.com | 4.8 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 1.7 | 2.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkmk | checkmk | * |
| checkmk | checkmk | 2.1.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.3.0 |
Improper restriction of excessive authentication attempts with two factor authentication methods in Checkmk 2.3 before 2.3.0p6 facilitates brute-forcing of second factor mechanisms.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@checkmk.com | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 2.2 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkmk | checkmk | 2.3.0 |
Argument injection in websphere_mq agent plugin in Checkmk 2.0.0, 2.1.0, <2.2.0p26 and <2.3.0b5 allows local attacker to inject one argument to runmqsc
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@checkmk.com | 6.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N | 2.0 | 4.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkmk | checkmk | * |
| checkmk | checkmk | 2.1.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.3.0 |
Improper neutralization of input in Checkmk before versions 2.3.0p8, 2.2.0p28, 2.1.0p45, and 2.0.0 (EOL) allows attackers to craft malicious links that can facilitate phishing attacks.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@checkmk.com | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 2.8 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkmk | checkmk | * |
| checkmk | checkmk | 2.1.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.3.0 |
XSS in the view page with the SLA column configured in Checkmk versions prior to 2.3.0p14, 2.2.0p33, 2.1.0p47 and 2.0.0 (EOL) allowed malicious users to execute arbitrary scripts by injecting HTML elements into the SLA column title. These scripts could be executed when the view page was cloned by other users.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkmk | checkmk | 2.0.0 |
| checkmk | checkmk | 2.1.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.3.0 |
Improper neutralization of input in Checkmk before versions 2.3.0p16 and 2.2.0p34 allows attackers to craft malicious links that can facilitate phishing attacks.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.3.0 |
Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p18, <2.2.0p35, <2.1.0p48 and <=2.0.0p39 (EOL) causes SNMP and IMPI secrets of host and folder properties to be written to audit log files accessible to administrators.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkmk | checkmk | 2.0.0 |
| checkmk | checkmk | 2.1.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.3.0 |
Exposure of CSRF tokens in query parameters on specific requests in Checkmk GmbH's Checkmk versions <2.3.0p18, <2.2.0p35 and <2.1.0p48 could lead to a leak of the token to facilitate targeted phishing attacks.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkmk | checkmk | 2.1.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.3.0 |
Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk < 2.3.0p23, < 2.2.0p38 and <= 2.1.0p49 (EOL) allows a local attacker to read sensitive data.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkmk | checkmk | * |
| checkmk | checkmk | 2.1.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.3.0 |
Improper neutralization of livestatus command delimiters in a specific endpoint within RestAPI of Checkmk prior to 2.2.0p39, 2.3.0p25, and 2.1.0p51 (EOL) allows arbitrary livestatus command execution. Exploitation requires the attacker to have a contact group assigned to their user account and for an event to originate from a host with the same contact group or from an event generated with an unknown host.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkmk | checkmk | * |
| checkmk | checkmk | 2.1.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.3.0 |
Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p22, <2.2.0p37, <2.1.0p50 (EOL) causes remote site secrets to be written to web log files accessible to local site users.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkmk | checkmk | 2.1.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.3.0 |
Stored XSS in inventory tree rendering in Checkmk before 2.3.0p7, 2.2.0p28, 2.1.0p45 and 2.0.0 (EOL)
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@checkmk.com | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L | 2.3 | 3.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkmk | checkmk | * |
| checkmk | checkmk | 2.1.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.3.0 |
Stored XSS in Checkmk before versions 2.3.0p8, 2.2.0p29, 2.1.0p45, and 2.0.0 (EOL) allows users to execute arbitrary scripts by injecting HTML elements
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@checkmk.com | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L | 2.3 | 3.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkmk | checkmk | * |
| checkmk | checkmk | 2.1.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.3.0 |
Certain http endpoints of Checkmk in Checkmk < 2.3.0p10 < 2.2.0p31, < 2.1.0p46, <= 2.0.0p39 allows remote attacker to bypass authentication and access data
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@checkmk.com | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkmk | checkmk | * |
| checkmk | checkmk | 2.1.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.3.0 |
Improper neutralization of livestatus command delimiters in mknotifyd in Checkmk <= 2.0.0p39, < 2.1.0p47, < 2.2.0p32 and < 2.3.0p11 allows arbitrary livestatus command execution.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@checkmk.com | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L | 3.9 | 2.5 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkmk | checkmk | 2.0.0 |
| checkmk | checkmk | 2.1.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.3.0 |
Improper host key checking in active check 'Check SFTP Service' and special agent 'VNX quotas and filesystem' in Checkmk before Checkmk 2.3.0p15, 2.2.0p33, 2.1.0p48 and 2.0.0 (EOL) allows man-in-the-middle attackers to intercept traffic
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.4 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N | 2.2 | 5.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkmk | checkmk | 2.0.0 |
| checkmk | checkmk | 2.1.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.3.0 |
Bypass of two factor authentication in RestAPI in Checkmk < 2.3.0p16 and < 2.2.0p34 allows authenticated users to bypass two factor authentication
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.3.0 |
Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p27, <2.2.0p40, and 2.1.0p51 (EOL) causes LDAP credentials to be written to Apache error log file accessible to administrators.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkmk | checkmk | * |
| checkmk | checkmk | 2.1.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.3.0 |
Argument injection in special agent configuration in Checkmk <2.4.0p1, <2.3.0p32, <2.2.0p42 and 2.1.0 allows authenticated attackers to write arbitrary files
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | * |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.3.0 |
Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p29, <2.2.0p41 and <=2.1.0p49 (EOL) causes remote site authentication secrets to be written to log files accessible to administrators.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkmk | checkmk | * |
| checkmk | checkmk | 2.1.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.3.0 |
Session logout could be overwritten in Checkmk GmbH's Checkmk versions <2.3.0p30, <2.2.0p41, and 2.1.0p49 (EOL)
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkmk | checkmk | * |
| checkmk | checkmk | 2.1.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.3.0 |
Packages downloaded by Checkmk's automatic agent updates on Linux and Solaris have incorrect permissions in Checkmk < 2.4.0p1, < 2.3.0p32, < 2.2.0p42 and <= 2.1.0p49 (EOL). This allows a local attacker to read sensitive data.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.1.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.3.0 |
Potential use of sensitive information in GET requests in Checkmk GmbH's Checkmk versions <2.4.0p13, <2.3.0p38, <2.2.0p46, and 2.1.0 (EOL) may cause sensitive form data to be included in URL query parameters, which may be logged in various places such as browser history or web server logs.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | * |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.3.0 |
Privilege escalation in jar_signature agent plugin in Checkmk versions <2.4.0b7 (beta), <2.3.0p32, <2.2.0p42, and 2.1.0p49 (EOL) allow user with write access to JAVA_HOME/bin directory to escalate privileges.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.1.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.3.0 |
Improper neutralization of Livestatus command delimiters in autocomplete endpoint within the RestAPI of Checkmk versions <2.4.0p6, <2.3.0p35, <2.2.0p44, and 2.1.0 (EOL) allows an authenticated user to inject arbitrary Livestatus commands.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.1.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.3.0 |
Use of an insecure temporary directory in the Windows License plugin for the Checkmk Windows Agent allows Privilege Escalation. This issue affects Checkmk: from 2.4.0 before 2.4.0p13, from 2.3.0 before 2.3.0p38, from 2.2.0 before 2.2.0p46, and all versions of 2.1.0 (EOL).
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | * |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.3.0 |
Files to be deployed with agents are accessible without authentication in Checkmk 2.1.0, Checkmk 2.2.0, Checkmk 2.3.0 and <Checkmk 2.4.0b6 allows attacker to access files that could contain secrets.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | * |
Cross-Site Scripting (XSS) vulnerability in Checkmk's distributed monitoring allows a compromised remote site to inject malicious HTML code into service outputs in the central site. Affecting Checkmk before 2.4.0p14, 2.3.0p39, 2.2.0 and 2.1.0 (eol).
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | * |
| checkmk | checkmk | 2.3.0 |
Insufficient escaping in the report scheduler within Checkmk <2.4.0p13, <2.3.0p38, <2.2.0p46 and 2.1.0 (EOL) allows authenticated attackers to define the storage location of report file pairs beyond their intended root directory.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | * |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.3.0 |
Insufficient permission validation on multiple REST API endpoints in Checkmk 2.2.0, 2.3.0, and 2.4.0 before version 2.4.0p16 allows low-privileged users to perform unauthorized actions or obtain sensitive information
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | * |
Insufficient permission validation in Checkmk 2.4.0 before version 2.4.0p16 allows low-privileged users to modify notification parameters via the REST API, which could lead to unauthorized actions or information disclosure.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkmk | checkmk | 2.4.0 |
In Checkmk versions prior to 2.4.0p16, 2.3.0p41, and all versions of 2.2.0 and older, the mk_inotify plugin creates world-readable and writable files, allowing any local user on the system to read the plugin's output and manipulate it, potentially leading to unauthorized access to or modification of monitoring data.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | * |
| checkmk | checkmk | 2.3.0 |
Insufficient permission validation in Checkmk versions prior to 2.4.0p17 and 2.3.0p42 allow low-privileged users to view agent information via the REST API, which could lead to information disclosure.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.3.0 |
SSH private keys of the "Remote alert handlers (Linux)" rule were exposed in the rule page's HTML source in Checkmk <= 2.4.0p18 and all versions of Checkmk 2.3.0. This potentially allowed unauthorized triggering of predefined alert handlers on hosts where the handler was deployed.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.3.0 |
Insufficient permission validation on multiple REST API Quick Setup endpoints in Checkmk 2.5.0 (beta) before version 2.5.0b2 and 2.4.0 before version 2.4.0p25 allows low-privileged users to perform unauthorized actions or obtain sensitive information
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.5.0 |
A logic error in the remove_password() function in Checkmk GmbH's Checkmk versions <2.4.0p23, <2.3.0p43, and 2.2.0 (EOL) allows a low-privileged user to cause data loss.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.3.0 |