Checkmk
Monthly
Privilege escalation in Checkmk's mk_sap_hana agent plugin allows a local unprivileged user to execute arbitrary commands as root by planting a process whose name mimics a SAP HANA instance. The plugin, when running as root under the RUNAS=agent configuration and lacking explicit database configuration, blindly reads the OS process list to derive SAP HANA instance identifiers and injects them unsanitized into a shell command executed with root privileges - a textbook CWE-78 OS command injection. No public exploit code or CISA KEV listing exists at time of analysis, but the attack prerequisites are achievable on any misconfigured Checkmk deployment that monitors SAP environments.
Stored cross-site scripting in Checkmk's service discovery active check output allows a high-privileged administrator to inject persistent malicious HTML or JavaScript that executes in the browsers of other administrators or users with host read permissions when they run checks on the service discovery page. Affected versions span all currently maintained branches: Checkmk below 2.5.0p5, below 2.4.0p31, below 2.3.0p48, and all 2.2.0 releases with no patch for that branch. No public exploit has been identified at time of analysis and the vulnerability is absent from CISA KEV, but the stored nature of the XSS and its targeting of privileged user sessions make it a meaningful lateral-privilege and session-compromise vector within Checkmk deployments.
Stored/reflected cross-site scripting in Checkmk monitoring platform versions prior to 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 releases allows authenticated users to bypass URL validation by leveraging HTML-encoded characters, enabling injection of javascript: URIs that execute in another user's browser session. The CVSS 4.0 score of 8.5 reflects the high impact on confidentiality, integrity, and availability when a victim interacts with a crafted link, though no public exploit identified at time of analysis and the issue requires both low-privilege authentication and user interaction.
Stored cross-site scripting in Checkmk's global settings change log enables a high-privileged administrator to persist malicious HTML or JavaScript within changelog messages, which then executes silently in the browsers of other authenticated users who view the Activate Changes page or Audit log. Affected versions span all 2.2.0 releases and builds prior to 2.5.0p5, 2.4.0p31, and 2.3.0p48. No active exploitation is confirmed (not listed in CISA KEV), and no public exploit code has been identified at time of analysis; however, the insider-threat angle - an already-privileged admin targeting peer users - is the realistic concern here.
Incorrect authorization in Checkmk's User Messages dashboard widget exposes the dashboard creator's personal messages to any party possessing a valid public dashboard share token. The message-fetching endpoints resolve messages using the dashboard creator's identity rather than the requesting party's identity, meaning that direct API calls with a share token return the issuer's private messages regardless of whether the User Messages widget is actually present on the shared dashboard. All Checkmk deployments running versions prior to 2.5.0p5 that use the public dashboard sharing feature are affected. No public exploit has been identified and the vulnerability is not listed in CISA KEV at time of analysis.
Stored cross-site scripting in Checkmk monitoring platform allows a low-privileged user with dashboard editing rights to embed a javascript: URI inside the URL dashboard widget, which then executes in the browser of any other user viewing that dashboard. The flaw affects Checkmk versions prior to 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 releases, and carries a CVSS 4.0 score of 8.5 due to the high confidentiality and integrity impact achievable against higher-privileged operators. No public exploit identified at time of analysis, but the prerequisite (dashboard edit permission) is commonly granted to operations staff.
Livestatus command injection in Checkmk prediction graph page allows authenticated users to execute arbitrary Livestatus commands by injecting malicious service name parameters due to insufficient input sanitization. Affected versions include Checkmk 2.3.0 before p47, 2.4.0 before p26, and 2.5.0 before b4. The vulnerability requires valid authentication credentials to exploit and results in limited confidentiality, integrity, and availability impact within the Livestatus subsystem.
Livestatus injection in Checkmk's notification test mode allows authenticated users with high privileges to inject arbitrary Livestatus commands via crafted service descriptions in versions prior to 2.5.0b4 and 2.4.0p26. The vulnerability has a CVSS score of 5.1 with limited confidentiality and integrity impact, requiring high-privilege authentication. No public exploit code or active exploitation has been confirmed at time of analysis.
Livestatus injection in Checkmk's monitoring quicksearch function allows authenticated attackers to inject arbitrary livestatus commands through insufficiently sanitized search query parameters in versions prior to 2.5.0b4. The vulnerability requires valid authentication credentials and enables low-impact information disclosure and limited integrity/availability changes within the monitoring system. No public exploit code or active exploitation has been reported at time of analysis.
Local privilege escalation in Checkmk allows site users with high privileges to escalate to root by manipulating site context files processed by the root-executed 'omd' administrative command. Affects Checkmk 2.2.0 (EOL), 2.3.0 before p46, 2.4.0 before p25, and 2.5.0 beta before b3. No public exploit identified at time of analysis. CVSS 9.3 reflects total technical impact, but SSVC assessment indicates non-automatable exploitation requiring existing high-privilege access, tempering the real-world urgency for organizations with strict site user access controls.
Stored cross-site scripting in Checkmk dashboard dashlet title links enables authenticated attackers with dashboard creation privileges to execute malicious JavaScript in victims' browsers when they click crafted dashlet links on shared dashboards. Affects Checkmk 2.2.0 (EOL), 2.3.0 before p46, 2.4.0 before p25, and 2.5.0 beta before b3. Vendor-released patches are available for all supported versions. EPSS score of 0.05% (14th percentile) indicates low predicted exploitation probability, and no public exploit identified at time of analysis, though CVSS 8.5 reflects the high impact of successful exploitation (complete confidentiality, integrity, and availability compromise in victim context).
Insufficient permission validation in Checkmk REST API Quick Setup endpoints allows low-privileged authenticated users to perform unauthorized administrative actions or access sensitive information in versions 2.5.0 beta before 2.5.0b2 and 2.4.0 before 2.4.0p25. The vulnerability stems from missing authorization checks that fail to enforce role-based access control on multiple API endpoints, enabling privilege escalation within the monitoring platform.
Stored cross-site scripting (XSS) in Checkmk 2.5.0 beta allows authenticated users with pending change permissions to inject malicious JavaScript into the Pending Changes sidebar, executing in the browsers of other users who view that sidebar. This vulnerability affects the beta release 2.5.0 before version 2.5.0b2 and requires existing user authentication with specific permissions to exploit.
Stored cross-site scripting (XSS) in Checkmk 2.5.0 beta versions before 2.5.0b2 allows authenticated users with host or service creation permissions to inject malicious JavaScript that executes in the browsers of other users when they perform searches via the Unified Search feature, potentially enabling session hijacking, credential theft, or administrative account compromise.
Checkmk exposes its session signing secret in configurations synchronized between remote and central sites, allowing a remote site administrator to forge valid session cookies and hijack user sessions on the central monitoring instance. This vulnerability affects Checkmk versions prior to 2.4.0p23, 2.3.0p45, and all 2.2.0 releases when configuration synchronization is enabled. An attacker with administrative privileges on a remote Checkmk site can leverage this exposure to impersonate any user, including central site administrators, potentially gaining complete control over the monitoring infrastructure.
Checkmk contains an improper permission enforcement vulnerability in the deploy_agent endpoint that allows unauthenticated users to enumerate existing hosts by analyzing differential HTTP response codes, resulting in information disclosure. The vulnerability affects Checkmk versions 2.4.0 before 2.4.0p23, 2.3.0 before 2.3.0p43, and end-of-life version 2.2.0, with a CVSS score of 6.3 indicating moderate severity. An attacker with network access can passively discover the infrastructure topology without authentication, though no known active exploitation or public POC has been confirmed at this time.
Checkmk contains an improper permission enforcement vulnerability in the agent-receiver/register_existing endpoint that allows authenticated users to enumerate existing hosts by observing differential HTTP response codes, enabling information disclosure. This affects Checkmk versions 2.4.0 before 2.4.0p23, 2.3.0 before 2.3.0p43, and the end-of-life 2.2.0 branch. While not currently listed as actively exploited in known vulnerability catalogs, the low CVSS score of 5.3 reflects limited confidentiality impact and the requirement for prior authentication, though the straightforward nature of the enumeration technique presents moderate real-world risk.
Data loss in Checkmk versions before 2.4.0p23, 2.3.0p43, and 2.2.0 results from a logic error in the remove_password() function that allows low-privileged users to delete sensitive information. An authenticated attacker can exploit this vulnerability to cause unintended data loss without requiring user interaction. No patch is currently available for affected deployments.
Improper neutralization of input in Checkmk versions 2.4.0 before 2.4.0p22, and 2.3.0 before 2.3.0p43 allows an attacker that can manipulate a host's check output to inject malicious JavaScript into the Synthetic Monitoring HTML logs, which can then be accessed via a crafted phishing link. [CVSS 5.4 MEDIUM]
In Checkmk versions prior to 2.4.0p16, 2.3.0p41, and all versions of 2.2.0 and older, the mk_inotify plugin creates world-readable and writable files, allowing any local user on the system to read. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.
Insufficient permission validation in Checkmk 2.4.0 before version 2.4.0p16 allows low-privileged users to modify notification parameters via the REST API, which could lead to unauthorized actions or. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Insufficient permission validation on multiple REST API endpoints in Checkmk 2.2.0, 2.3.0, and 2.4.0 before version 2.4.0p16 allows low-privileged users to perform unauthorized actions or obtain. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A security vulnerability in autocomplete endpoint within the RestAPI of Checkmk (CVSS 8.8) that allows an authenticated user. High severity vulnerability requiring prompt remediation.
Packages downloaded by Checkmk's automatic agent updates on Linux and Solaris have incorrect permissions in Checkmk < 2.4.0p1, < 2.3.0p32, < 2.2.0p42 and <= 2.1.0p49 (EOL). Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. No vendor patch available.
Argument injection in special agent configuration in Checkmk <2.4.0p1, <2.3.0p32, <2.2.0p42 and 2.1.0 allows authenticated attackers to write arbitrary files. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Privilege escalation in jar_signature agent plugin in Checkmk versions <2.4.0b7 (beta), <2.3.0p32, <2.2.0p42, and 2.1.0p49 (EOL) allow user with write access to JAVA_HOME/bin directory to escalate. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.
Files to be deployed with agents are accessible without authentication in Checkmk 2.1.0, Checkmk 2.2.0, Checkmk 2.3.0 and <Checkmk 2.4.0b6 allows attacker to access files that could contain secrets. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p29, <2.2.0p41 and <=2.1.0p49 (EOL) causes remote site authentication secrets to be written to log files. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.
Improper neutralization of livestatus command delimiters in a specific endpoint within RestAPI of Checkmk prior to 2.2.0p39, 2.3.0p25, and 2.1.0p51 (EOL) allows arbitrary livestatus command. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Session logout could be overwritten in Checkmk GmbH's Checkmk versions <2.3.0p30, <2.2.0p41, and 2.1.0p49 (EOL). Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable. No vendor patch available.
Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p27, <2.2.0p40, and 2.1.0p51 (EOL) causes LDAP credentials to be written to Apache error log file accessible. Rated medium severity (CVSS 5.6), this vulnerability is low attack complexity. No vendor patch available.
Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk < 2.3.0p23, < 2.2.0p38 and <= 2.1.0p49 (EOL) allows a local attacker to read sensitive data. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.
Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p22, <2.2.0p37, <2.1.0p50 (EOL) causes remote site secrets to be written to web log files accessible to local. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.
Exposure of CSRF tokens in query parameters on specific requests in Checkmk GmbH's Checkmk versions <2.3.0p18, <2.2.0p35 and <2.1.0p48 could lead to a leak of the token to facilitate targeted. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p18, <2.2.0p35, <2.1.0p48 and <=2.0.0p39 (EOL) causes SNMP and IMPI secrets of host and folder properties to. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Information leakage in mknotifyd in Checkmk before 2.3.0p18, 2.2.0p36, 2.1.0p49 and in 2.0.0p39 (EOL) allows attacker to get potentially sensitive data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Bypass of two factor authentication in RestAPI in Checkmk < 2.3.0p16 and < 2.2.0p34 allows authenticated users to bypass two factor authentication. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Improper neutralization of input in Checkmk before versions 2.3.0p16 and 2.2.0p34 allows attackers to craft malicious links that can facilitate phishing attacks. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper host key checking in active check 'Check SFTP Service' and special agent 'VNX quotas and filesystem' in Checkmk before Checkmk 2.3.0p15, 2.2.0p33, 2.1.0p48 and 2.0.0 (EOL) allows. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper neutralization of input in Checkmk before version 2.3.0p14 allows attackers to inject and run malicious scripts in the Robotmk logs view. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
XSS in the view page with the SLA column configured in Checkmk versions prior to 2.3.0p14, 2.2.0p33, 2.1.0p47 and 2.0.0 (EOL) allowed malicious users to execute arbitrary scripts by injecting HTML. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2.3.0p12, 2.2.0p32, 2.1.0p47 and 2.0.0 (EOL) allows local users to escalate. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.
Improper neutralization of livestatus command delimiters in mknotifyd in Checkmk <= 2.0.0p39, < 2.1.0p47, < 2.2.0p32 and < 2.3.0p11 allows arbitrary livestatus command execution. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site request forgery in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, and <= 2.0.0p39 (EOL) could lead to 1-click compromize of the site. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, and <= 2.0.0p39 (EOL) allows a local attacker to gain SYSTEM privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Certain http endpoints of Checkmk in Checkmk < 2.3.0p10 < 2.2.0p31, < 2.1.0p46, <= 2.0.0p39 allows remote attacker to bypass authentication and access data. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Stored XSS in Checkmk before versions 2.3.0p8, 2.2.0p29, 2.1.0p45, and 2.0.0 (EOL) allows users to execute arbitrary scripts by injecting HTML elements. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper neutralization of input in Checkmk before versions 2.3.0p8, 2.2.0p28, 2.1.0p45, and 2.0.0 (EOL) allows attackers to craft malicious links that can facilitate phishing attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p7, <2.2.0p28, <2.1.0p45 and <=2.0.0p39 (EOL) causes automation user secrets to be written to audit log files. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Stored XSS in the Crash Report page in Checkmk before versions 2.3.0p7, 2.2.0p28, 2.1.0p45, and 2.0.0 (EOL) allows users with permission to change Global Settings to execute arbitrary scripts by. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Stored XSS in some confirmation pop-ups in Checkmk before versions 2.3.0p7 and 2.2.0p28 allows Checkmk users to execute arbitrary scripts by injecting HTML elements into some user input fields that. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Stored XSS in inventory tree rendering in Checkmk before 2.3.0p7, 2.2.0p28, 2.1.0p45 and 2.0.0 (EOL). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper restriction of excessive authentication attempts with two factor authentication methods in Checkmk 2.3 before 2.3.0p6 facilitates brute-forcing of second factor mechanisms. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper restriction of local upload and download paths in check_sftp in Checkmk before 2.3.0p4, 2.2.0p27, 2.1.0p44, and in Checkmk 2.0.0 (EOL) allows attackers with sufficient permissions to. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper restriction of excessive authentication attempts on some authentication methods in Checkmk before 2.3.0b5 (beta), 2.2.0p26, 2.1.0p43, and in Checkmk 2.0.0 (EOL) facilitates password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Argument injection in websphere_mq agent plugin in Checkmk 2.0.0, 2.1.0, <2.2.0p26 and <2.3.0b5 allows local attacker to inject one argument to runmqsc. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Stored XSS in graph rendering in Checkmk <2.3.0b4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows local users to escalate. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Invocation of the sqlplus command with sensitive information in the command line in the mk_oracle Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows the. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Least privilege violation in the Checkmk agent plugins mk_oracle, mk_oracle.ps1, and mk_oracle_crs before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows local users to escalate. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Privilege escalation in windows agent plugin in Checkmk before 2.2.0p23, 2.1.0p40 and 2.0.0 (EOL) allows local user to escalate privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Privilege escalation in jar_signature agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.
Privilege escalation in mk_tsm agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.
Insufficient authentication flow in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows attacker to use locked credentials. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.
Usage of user controlled LD_LIBRARY_PATH in agent in Checkmk 2.2.0p10 up to 2.2.0p16 allows malicious Checkmk site user to escalate rights via injection of malicious libraries. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Cross-site Request Forgery (CSRF) in Checkmk < 2.2.0p15, < 2.1.0p37, <= 2.0.0p39 allow an authenticated attacker to delete user-messages for individual users. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper neutralization of livestatus command delimiters in ajax_search in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15 allows arbitrary livestatus command execution for authorized users. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper neutralization of livestatus command delimiters in the availability timeline in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15 allows arbitrary livestatus command execution for authorized. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Input Validation in Checkmk <2.2.0p15, <2.1.0p37, <=2.0.0p39 allows priviledged attackers to cause partial denial of service of the UI via too long hostnames. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper neutralization of active check command arguments in Checkmk < 2.1.0p32, < 2.0.0p38, < 2.2.0p4 leads to arbitrary command execution for authenticated users. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Reflected XSS in business intelligence in Checkmk <2.2.0p8, <2.1.0p32, <2.0.0p38, <=1.6.0p30. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
User enumeration in Checkmk <=2.2.0p4 allows an authenticated attacker to enumerate usernames. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Authorization in RestAPI in Checkmk GmbH's Checkmk versions <2.1.0p28 and <2.2.0b8 allows remote authenticated users to read arbitrary host_configs. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper neutralization of livestatus command delimiters in the RestAPI in Checkmk < 2.0.0p36, < 2.1.0p28, and < 2.2.0b8 (beta) allows arbitrary livestatus command execution for authorized users. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Transmission of credentials within query parameters in Checkmk <= 2.1.0p26, <= 2.0.0p35, and <= 2.2.0b6 (beta) may cause the automation user's secret to be written to the site Apache access log. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Privilege escalation in Tribe29 Checkmk Appliance before 1.6.4 allows authenticated site users to escalate privileges via incorrectly set permissions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Insufficient permission checks in the REST API in Tribe29 Checkmk <= 2.1.0p27 and <= 2.2.0b4 (beta) allow unauthorized users to schedule downtimes for any host. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Inappropriate error handling in Tribe29 Checkmk <= 2.1.0p25, <= 2.0.0p34, <= 2.2.0b3 (beta), and all versions of Checkmk 1.6.0 causes the symmetric encryption of agent data to fail silently and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
HTML Email Injection in Tribe29 Checkmk <=2.1.0p23; <=2.0.0p34, and all versions of Checkmk 1.6.0 allows an authenticated attacker to inject malicious HTML into Emails. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Input Validation of LDAP user IDs in Tribe29 Checkmk allows attackers that can control LDAP user IDs to manipulate files on the server. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A permission issue affects users that deployed the shipped version of the Checkmk Debian package. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In Checkmk before 1.6.0p29, 2.x before 2.0.0p25, and 2.1.x before 2.1.0b10, a site user can escalate to root by editing an OMD hook symlink. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
CheckMK Raw Edition software (versions 1.5.0 to 1.6.0) does not sanitise the input of a web service parameter that is in an unauthenticated zone. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The web management console of CheckMK Enterprise Edition (versions 1.5.0 to 2.0.0p9) does not properly sanitise the uploading of ".mkp" files, which are Extension Packages, making remote code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The web management console of CheckMK Raw Edition (versions 1.5.0 to 1.6.0) allows a misconfiguration of the web-app Dokuwiki (installed by default), which allows embedded php code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
In Checkmk <=2.0.0p19 fixed in 2.0.0p20 and Checkmk <=1.6.0p27 fixed in 1.6.0p28, the title of a Predefined condition is not properly escaped when shown as condition, which can result in Cross Site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Checkmk <=2.0.0p19 Fixed in 2.0.0p20 and Checkmk <=1.6.0p27 Fixed in 1.6.0p28 are affected by a Cross Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Checkmk <=2.0.0p19 contains a Cross Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
The CheckMK management web console (versions 1.5.0 to 2.0.0) does not sanitise user input in various parameters of the WATO module. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Check_MK before 1.2.8p26 mishandles certain errors within the failed-login save feature because of a race condition, which allows remote attackers to obtain sensitive user information by reading a. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 19.6%.
Privilege escalation in Checkmk's mk_sap_hana agent plugin allows a local unprivileged user to execute arbitrary commands as root by planting a process whose name mimics a SAP HANA instance. The plugin, when running as root under the RUNAS=agent configuration and lacking explicit database configuration, blindly reads the OS process list to derive SAP HANA instance identifiers and injects them unsanitized into a shell command executed with root privileges - a textbook CWE-78 OS command injection. No public exploit code or CISA KEV listing exists at time of analysis, but the attack prerequisites are achievable on any misconfigured Checkmk deployment that monitors SAP environments.
Stored cross-site scripting in Checkmk's service discovery active check output allows a high-privileged administrator to inject persistent malicious HTML or JavaScript that executes in the browsers of other administrators or users with host read permissions when they run checks on the service discovery page. Affected versions span all currently maintained branches: Checkmk below 2.5.0p5, below 2.4.0p31, below 2.3.0p48, and all 2.2.0 releases with no patch for that branch. No public exploit has been identified at time of analysis and the vulnerability is absent from CISA KEV, but the stored nature of the XSS and its targeting of privileged user sessions make it a meaningful lateral-privilege and session-compromise vector within Checkmk deployments.
Stored/reflected cross-site scripting in Checkmk monitoring platform versions prior to 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 releases allows authenticated users to bypass URL validation by leveraging HTML-encoded characters, enabling injection of javascript: URIs that execute in another user's browser session. The CVSS 4.0 score of 8.5 reflects the high impact on confidentiality, integrity, and availability when a victim interacts with a crafted link, though no public exploit identified at time of analysis and the issue requires both low-privilege authentication and user interaction.
Stored cross-site scripting in Checkmk's global settings change log enables a high-privileged administrator to persist malicious HTML or JavaScript within changelog messages, which then executes silently in the browsers of other authenticated users who view the Activate Changes page or Audit log. Affected versions span all 2.2.0 releases and builds prior to 2.5.0p5, 2.4.0p31, and 2.3.0p48. No active exploitation is confirmed (not listed in CISA KEV), and no public exploit code has been identified at time of analysis; however, the insider-threat angle - an already-privileged admin targeting peer users - is the realistic concern here.
Incorrect authorization in Checkmk's User Messages dashboard widget exposes the dashboard creator's personal messages to any party possessing a valid public dashboard share token. The message-fetching endpoints resolve messages using the dashboard creator's identity rather than the requesting party's identity, meaning that direct API calls with a share token return the issuer's private messages regardless of whether the User Messages widget is actually present on the shared dashboard. All Checkmk deployments running versions prior to 2.5.0p5 that use the public dashboard sharing feature are affected. No public exploit has been identified and the vulnerability is not listed in CISA KEV at time of analysis.
Stored cross-site scripting in Checkmk monitoring platform allows a low-privileged user with dashboard editing rights to embed a javascript: URI inside the URL dashboard widget, which then executes in the browser of any other user viewing that dashboard. The flaw affects Checkmk versions prior to 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 releases, and carries a CVSS 4.0 score of 8.5 due to the high confidentiality and integrity impact achievable against higher-privileged operators. No public exploit identified at time of analysis, but the prerequisite (dashboard edit permission) is commonly granted to operations staff.
Livestatus command injection in Checkmk prediction graph page allows authenticated users to execute arbitrary Livestatus commands by injecting malicious service name parameters due to insufficient input sanitization. Affected versions include Checkmk 2.3.0 before p47, 2.4.0 before p26, and 2.5.0 before b4. The vulnerability requires valid authentication credentials to exploit and results in limited confidentiality, integrity, and availability impact within the Livestatus subsystem.
Livestatus injection in Checkmk's notification test mode allows authenticated users with high privileges to inject arbitrary Livestatus commands via crafted service descriptions in versions prior to 2.5.0b4 and 2.4.0p26. The vulnerability has a CVSS score of 5.1 with limited confidentiality and integrity impact, requiring high-privilege authentication. No public exploit code or active exploitation has been confirmed at time of analysis.
Livestatus injection in Checkmk's monitoring quicksearch function allows authenticated attackers to inject arbitrary livestatus commands through insufficiently sanitized search query parameters in versions prior to 2.5.0b4. The vulnerability requires valid authentication credentials and enables low-impact information disclosure and limited integrity/availability changes within the monitoring system. No public exploit code or active exploitation has been reported at time of analysis.
Local privilege escalation in Checkmk allows site users with high privileges to escalate to root by manipulating site context files processed by the root-executed 'omd' administrative command. Affects Checkmk 2.2.0 (EOL), 2.3.0 before p46, 2.4.0 before p25, and 2.5.0 beta before b3. No public exploit identified at time of analysis. CVSS 9.3 reflects total technical impact, but SSVC assessment indicates non-automatable exploitation requiring existing high-privilege access, tempering the real-world urgency for organizations with strict site user access controls.
Stored cross-site scripting in Checkmk dashboard dashlet title links enables authenticated attackers with dashboard creation privileges to execute malicious JavaScript in victims' browsers when they click crafted dashlet links on shared dashboards. Affects Checkmk 2.2.0 (EOL), 2.3.0 before p46, 2.4.0 before p25, and 2.5.0 beta before b3. Vendor-released patches are available for all supported versions. EPSS score of 0.05% (14th percentile) indicates low predicted exploitation probability, and no public exploit identified at time of analysis, though CVSS 8.5 reflects the high impact of successful exploitation (complete confidentiality, integrity, and availability compromise in victim context).
Insufficient permission validation in Checkmk REST API Quick Setup endpoints allows low-privileged authenticated users to perform unauthorized administrative actions or access sensitive information in versions 2.5.0 beta before 2.5.0b2 and 2.4.0 before 2.4.0p25. The vulnerability stems from missing authorization checks that fail to enforce role-based access control on multiple API endpoints, enabling privilege escalation within the monitoring platform.
Stored cross-site scripting (XSS) in Checkmk 2.5.0 beta allows authenticated users with pending change permissions to inject malicious JavaScript into the Pending Changes sidebar, executing in the browsers of other users who view that sidebar. This vulnerability affects the beta release 2.5.0 before version 2.5.0b2 and requires existing user authentication with specific permissions to exploit.
Stored cross-site scripting (XSS) in Checkmk 2.5.0 beta versions before 2.5.0b2 allows authenticated users with host or service creation permissions to inject malicious JavaScript that executes in the browsers of other users when they perform searches via the Unified Search feature, potentially enabling session hijacking, credential theft, or administrative account compromise.
Checkmk exposes its session signing secret in configurations synchronized between remote and central sites, allowing a remote site administrator to forge valid session cookies and hijack user sessions on the central monitoring instance. This vulnerability affects Checkmk versions prior to 2.4.0p23, 2.3.0p45, and all 2.2.0 releases when configuration synchronization is enabled. An attacker with administrative privileges on a remote Checkmk site can leverage this exposure to impersonate any user, including central site administrators, potentially gaining complete control over the monitoring infrastructure.
Checkmk contains an improper permission enforcement vulnerability in the deploy_agent endpoint that allows unauthenticated users to enumerate existing hosts by analyzing differential HTTP response codes, resulting in information disclosure. The vulnerability affects Checkmk versions 2.4.0 before 2.4.0p23, 2.3.0 before 2.3.0p43, and end-of-life version 2.2.0, with a CVSS score of 6.3 indicating moderate severity. An attacker with network access can passively discover the infrastructure topology without authentication, though no known active exploitation or public POC has been confirmed at this time.
Checkmk contains an improper permission enforcement vulnerability in the agent-receiver/register_existing endpoint that allows authenticated users to enumerate existing hosts by observing differential HTTP response codes, enabling information disclosure. This affects Checkmk versions 2.4.0 before 2.4.0p23, 2.3.0 before 2.3.0p43, and the end-of-life 2.2.0 branch. While not currently listed as actively exploited in known vulnerability catalogs, the low CVSS score of 5.3 reflects limited confidentiality impact and the requirement for prior authentication, though the straightforward nature of the enumeration technique presents moderate real-world risk.
Data loss in Checkmk versions before 2.4.0p23, 2.3.0p43, and 2.2.0 results from a logic error in the remove_password() function that allows low-privileged users to delete sensitive information. An authenticated attacker can exploit this vulnerability to cause unintended data loss without requiring user interaction. No patch is currently available for affected deployments.
Improper neutralization of input in Checkmk versions 2.4.0 before 2.4.0p22, and 2.3.0 before 2.3.0p43 allows an attacker that can manipulate a host's check output to inject malicious JavaScript into the Synthetic Monitoring HTML logs, which can then be accessed via a crafted phishing link. [CVSS 5.4 MEDIUM]
In Checkmk versions prior to 2.4.0p16, 2.3.0p41, and all versions of 2.2.0 and older, the mk_inotify plugin creates world-readable and writable files, allowing any local user on the system to read. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.
Insufficient permission validation in Checkmk 2.4.0 before version 2.4.0p16 allows low-privileged users to modify notification parameters via the REST API, which could lead to unauthorized actions or. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Insufficient permission validation on multiple REST API endpoints in Checkmk 2.2.0, 2.3.0, and 2.4.0 before version 2.4.0p16 allows low-privileged users to perform unauthorized actions or obtain. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A security vulnerability in autocomplete endpoint within the RestAPI of Checkmk (CVSS 8.8) that allows an authenticated user. High severity vulnerability requiring prompt remediation.
Packages downloaded by Checkmk's automatic agent updates on Linux and Solaris have incorrect permissions in Checkmk < 2.4.0p1, < 2.3.0p32, < 2.2.0p42 and <= 2.1.0p49 (EOL). Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. No vendor patch available.
Argument injection in special agent configuration in Checkmk <2.4.0p1, <2.3.0p32, <2.2.0p42 and 2.1.0 allows authenticated attackers to write arbitrary files. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Privilege escalation in jar_signature agent plugin in Checkmk versions <2.4.0b7 (beta), <2.3.0p32, <2.2.0p42, and 2.1.0p49 (EOL) allow user with write access to JAVA_HOME/bin directory to escalate. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.
Files to be deployed with agents are accessible without authentication in Checkmk 2.1.0, Checkmk 2.2.0, Checkmk 2.3.0 and <Checkmk 2.4.0b6 allows attacker to access files that could contain secrets. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p29, <2.2.0p41 and <=2.1.0p49 (EOL) causes remote site authentication secrets to be written to log files. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.
Improper neutralization of livestatus command delimiters in a specific endpoint within RestAPI of Checkmk prior to 2.2.0p39, 2.3.0p25, and 2.1.0p51 (EOL) allows arbitrary livestatus command. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Session logout could be overwritten in Checkmk GmbH's Checkmk versions <2.3.0p30, <2.2.0p41, and 2.1.0p49 (EOL). Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable. No vendor patch available.
Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p27, <2.2.0p40, and 2.1.0p51 (EOL) causes LDAP credentials to be written to Apache error log file accessible. Rated medium severity (CVSS 5.6), this vulnerability is low attack complexity. No vendor patch available.
Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk < 2.3.0p23, < 2.2.0p38 and <= 2.1.0p49 (EOL) allows a local attacker to read sensitive data. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.
Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p22, <2.2.0p37, <2.1.0p50 (EOL) causes remote site secrets to be written to web log files accessible to local. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.
Exposure of CSRF tokens in query parameters on specific requests in Checkmk GmbH's Checkmk versions <2.3.0p18, <2.2.0p35 and <2.1.0p48 could lead to a leak of the token to facilitate targeted. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p18, <2.2.0p35, <2.1.0p48 and <=2.0.0p39 (EOL) causes SNMP and IMPI secrets of host and folder properties to. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Information leakage in mknotifyd in Checkmk before 2.3.0p18, 2.2.0p36, 2.1.0p49 and in 2.0.0p39 (EOL) allows attacker to get potentially sensitive data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Bypass of two factor authentication in RestAPI in Checkmk < 2.3.0p16 and < 2.2.0p34 allows authenticated users to bypass two factor authentication. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Improper neutralization of input in Checkmk before versions 2.3.0p16 and 2.2.0p34 allows attackers to craft malicious links that can facilitate phishing attacks. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper host key checking in active check 'Check SFTP Service' and special agent 'VNX quotas and filesystem' in Checkmk before Checkmk 2.3.0p15, 2.2.0p33, 2.1.0p48 and 2.0.0 (EOL) allows. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper neutralization of input in Checkmk before version 2.3.0p14 allows attackers to inject and run malicious scripts in the Robotmk logs view. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
XSS in the view page with the SLA column configured in Checkmk versions prior to 2.3.0p14, 2.2.0p33, 2.1.0p47 and 2.0.0 (EOL) allowed malicious users to execute arbitrary scripts by injecting HTML. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2.3.0p12, 2.2.0p32, 2.1.0p47 and 2.0.0 (EOL) allows local users to escalate. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.
Improper neutralization of livestatus command delimiters in mknotifyd in Checkmk <= 2.0.0p39, < 2.1.0p47, < 2.2.0p32 and < 2.3.0p11 allows arbitrary livestatus command execution. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site request forgery in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, and <= 2.0.0p39 (EOL) could lead to 1-click compromize of the site. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, and <= 2.0.0p39 (EOL) allows a local attacker to gain SYSTEM privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Certain http endpoints of Checkmk in Checkmk < 2.3.0p10 < 2.2.0p31, < 2.1.0p46, <= 2.0.0p39 allows remote attacker to bypass authentication and access data. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Stored XSS in Checkmk before versions 2.3.0p8, 2.2.0p29, 2.1.0p45, and 2.0.0 (EOL) allows users to execute arbitrary scripts by injecting HTML elements. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper neutralization of input in Checkmk before versions 2.3.0p8, 2.2.0p28, 2.1.0p45, and 2.0.0 (EOL) allows attackers to craft malicious links that can facilitate phishing attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p7, <2.2.0p28, <2.1.0p45 and <=2.0.0p39 (EOL) causes automation user secrets to be written to audit log files. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Stored XSS in the Crash Report page in Checkmk before versions 2.3.0p7, 2.2.0p28, 2.1.0p45, and 2.0.0 (EOL) allows users with permission to change Global Settings to execute arbitrary scripts by. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Stored XSS in some confirmation pop-ups in Checkmk before versions 2.3.0p7 and 2.2.0p28 allows Checkmk users to execute arbitrary scripts by injecting HTML elements into some user input fields that. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Stored XSS in inventory tree rendering in Checkmk before 2.3.0p7, 2.2.0p28, 2.1.0p45 and 2.0.0 (EOL). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper restriction of excessive authentication attempts with two factor authentication methods in Checkmk 2.3 before 2.3.0p6 facilitates brute-forcing of second factor mechanisms. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper restriction of local upload and download paths in check_sftp in Checkmk before 2.3.0p4, 2.2.0p27, 2.1.0p44, and in Checkmk 2.0.0 (EOL) allows attackers with sufficient permissions to. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper restriction of excessive authentication attempts on some authentication methods in Checkmk before 2.3.0b5 (beta), 2.2.0p26, 2.1.0p43, and in Checkmk 2.0.0 (EOL) facilitates password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Argument injection in websphere_mq agent plugin in Checkmk 2.0.0, 2.1.0, <2.2.0p26 and <2.3.0b5 allows local attacker to inject one argument to runmqsc. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Stored XSS in graph rendering in Checkmk <2.3.0b4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows local users to escalate. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Invocation of the sqlplus command with sensitive information in the command line in the mk_oracle Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows the. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Least privilege violation in the Checkmk agent plugins mk_oracle, mk_oracle.ps1, and mk_oracle_crs before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows local users to escalate. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Privilege escalation in windows agent plugin in Checkmk before 2.2.0p23, 2.1.0p40 and 2.0.0 (EOL) allows local user to escalate privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Privilege escalation in jar_signature agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.
Privilege escalation in mk_tsm agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.
Insufficient authentication flow in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows attacker to use locked credentials. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.
Usage of user controlled LD_LIBRARY_PATH in agent in Checkmk 2.2.0p10 up to 2.2.0p16 allows malicious Checkmk site user to escalate rights via injection of malicious libraries. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Cross-site Request Forgery (CSRF) in Checkmk < 2.2.0p15, < 2.1.0p37, <= 2.0.0p39 allow an authenticated attacker to delete user-messages for individual users. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper neutralization of livestatus command delimiters in ajax_search in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15 allows arbitrary livestatus command execution for authorized users. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper neutralization of livestatus command delimiters in the availability timeline in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15 allows arbitrary livestatus command execution for authorized. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Input Validation in Checkmk <2.2.0p15, <2.1.0p37, <=2.0.0p39 allows priviledged attackers to cause partial denial of service of the UI via too long hostnames. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper neutralization of active check command arguments in Checkmk < 2.1.0p32, < 2.0.0p38, < 2.2.0p4 leads to arbitrary command execution for authenticated users. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Reflected XSS in business intelligence in Checkmk <2.2.0p8, <2.1.0p32, <2.0.0p38, <=1.6.0p30. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
User enumeration in Checkmk <=2.2.0p4 allows an authenticated attacker to enumerate usernames. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Authorization in RestAPI in Checkmk GmbH's Checkmk versions <2.1.0p28 and <2.2.0b8 allows remote authenticated users to read arbitrary host_configs. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper neutralization of livestatus command delimiters in the RestAPI in Checkmk < 2.0.0p36, < 2.1.0p28, and < 2.2.0b8 (beta) allows arbitrary livestatus command execution for authorized users. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Transmission of credentials within query parameters in Checkmk <= 2.1.0p26, <= 2.0.0p35, and <= 2.2.0b6 (beta) may cause the automation user's secret to be written to the site Apache access log. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Privilege escalation in Tribe29 Checkmk Appliance before 1.6.4 allows authenticated site users to escalate privileges via incorrectly set permissions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Insufficient permission checks in the REST API in Tribe29 Checkmk <= 2.1.0p27 and <= 2.2.0b4 (beta) allow unauthorized users to schedule downtimes for any host. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Inappropriate error handling in Tribe29 Checkmk <= 2.1.0p25, <= 2.0.0p34, <= 2.2.0b3 (beta), and all versions of Checkmk 1.6.0 causes the symmetric encryption of agent data to fail silently and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
HTML Email Injection in Tribe29 Checkmk <=2.1.0p23; <=2.0.0p34, and all versions of Checkmk 1.6.0 allows an authenticated attacker to inject malicious HTML into Emails. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Input Validation of LDAP user IDs in Tribe29 Checkmk allows attackers that can control LDAP user IDs to manipulate files on the server. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A permission issue affects users that deployed the shipped version of the Checkmk Debian package. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In Checkmk before 1.6.0p29, 2.x before 2.0.0p25, and 2.1.x before 2.1.0b10, a site user can escalate to root by editing an OMD hook symlink. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
CheckMK Raw Edition software (versions 1.5.0 to 1.6.0) does not sanitise the input of a web service parameter that is in an unauthenticated zone. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The web management console of CheckMK Enterprise Edition (versions 1.5.0 to 2.0.0p9) does not properly sanitise the uploading of ".mkp" files, which are Extension Packages, making remote code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The web management console of CheckMK Raw Edition (versions 1.5.0 to 1.6.0) allows a misconfiguration of the web-app Dokuwiki (installed by default), which allows embedded php code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
In Checkmk <=2.0.0p19 fixed in 2.0.0p20 and Checkmk <=1.6.0p27 fixed in 1.6.0p28, the title of a Predefined condition is not properly escaped when shown as condition, which can result in Cross Site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Checkmk <=2.0.0p19 Fixed in 2.0.0p20 and Checkmk <=1.6.0p27 Fixed in 1.6.0p28 are affected by a Cross Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Checkmk <=2.0.0p19 contains a Cross Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
The CheckMK management web console (versions 1.5.0 to 2.0.0) does not sanitise user input in various parameters of the WATO module. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Check_MK before 1.2.8p26 mishandles certain errors within the failed-login save feature because of a race condition, which allows remote attackers to obtain sensitive user information by reading a. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 19.6%.