CVE-2022-33912
- EPSS 0.03%
- Published 17.06.2022 13:15:16
- Last modified 21.11.2024 07:08:35
A permission issue affects users that deployed the shipped version of the Checkmk Debian package. Packages created by the agent bakery (enterprise editions only) were not affected. Using the shipped version of the agents, the maintainer scripts locat...
CVE-2022-31258
- EPSS 0.04%
- Published 20.05.2022 23:15:45
- Last modified 21.11.2024 07:04:14
In Checkmk before 1.6.0p29, 2.x before 2.0.0p25, and 2.1.x before 2.1.0b10, a site user can escalate to root by editing an OMD hook symlink.
CVE-2021-40905
- EPSS 4.88%
- Published 25.03.2022 23:15:08
- Last modified 21.11.2024 06:25:04
The web management console of CheckMK Enterprise Edition (versions 1.5.0 to 2.0.0p9) does not properly sanitise the uploading of ".mkp" files, which are Extension Packages, making remote code execution possible. Successful exploitation requires acces...
CVE-2021-40906
- EPSS 0.62%
- Published 25.03.2022 23:15:08
- Last modified 21.11.2024 06:25:04
CheckMK Raw Edition software (versions 1.5.0 to 1.6.0) does not sanitise the input of a web service parameter that is in an unauthenticated zone. This Reflected XSS allows an attacker to open a backdoor on the device with HTML content and interpreted...