checkmk 2.1.0 Patch 43

CPE Details

checkmk 2.1.0 Patch 43
checkmk
checkmk
2.1.0
2024-07-23
17h37 +00:00
2024-07-23
17h37 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:checkmk:checkmk:2.1.0:p43:*:*:*:*:*:*

Informations

Vendor

checkmk

Product

checkmk

Version

2.1.0

Update

p43

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2024-47094 2024-11-29 09h52 +00:00 Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p22, <2.2.0p37, <2.1.0p50 (EOL) causes remote site secrets to be written to web log files accessible to local site users.
5.7
Moyen
CVE-2024-38863 2024-10-14 07h19 +00:00 Exposure of CSRF tokens in query parameters on specific requests in Checkmk GmbH's Checkmk versions <2.3.0p18, <2.2.0p35 and <2.1.0p48 could lead to a leak of the token to facilitate targeted phishing attacks.
2
Bas
CVE-2024-38862 2024-10-14 07h19 +00:00 Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p18, <2.2.0p35, <2.1.0p48 and <=2.0.0p39 (EOL) causes SNMP and IMPI secrets of host and folder properties to be written to audit log files accessible to administrators.
5.1
Moyen
CVE-2024-6747 2024-10-10 07h43 +00:00 Information leakage in mknotifyd in Checkmk before 2.3.0p18, 2.2.0p36, 2.1.0p49 and in 2.0.0p39 (EOL) allows attacker to get potentially sensitive data
7.5
Haute
CVE-2024-38858 2024-09-02 09h16 +00:00 Improper neutralization of input in Checkmk before version 2.3.0p14 allows attackers to inject and run malicious scripts in the Robotmk logs view.
2.3
Bas
CVE-2024-38859 2024-08-26 14h15 +00:00 XSS in the view page with the SLA column configured in Checkmk versions prior to 2.3.0p14, 2.2.0p33, 2.1.0p47 and 2.0.0 (EOL) allowed malicious users to execute arbitrary scripts by injecting HTML elements into the SLA column title. These scripts could be executed when the view page was cloned by other users.
4.8
Moyen
CVE-2024-28829 2024-08-20 08h15 +00:00 Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2.3.0p12, 2.2.0p32, 2.1.0p47 and 2.0.0 (EOL) allows local users to escalate privileges.
7.8
Haute
CVE-2024-6542 2024-07-22 09h50 +00:00 Improper neutralization of livestatus command delimiters in mknotifyd in Checkmk <= 2.0.0p39, < 2.1.0p47, < 2.2.0p32 and < 2.3.0p11 allows arbitrary livestatus command execution.
6.5
Moyen
CVE-2024-28828 2024-07-10 12h41 +00:00 Cross-Site request forgery in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, and <= 2.0.0p39 (EOL) could lead to 1-click compromize of the site.
8.8
Haute
CVE-2024-28827 2024-07-10 12h41 +00:00 Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, and <= 2.0.0p39 (EOL) allows a local attacker to gain SYSTEM privileges.
8.8
Haute
CVE-2024-6163 2024-07-08 13h01 +00:00 Certain http endpoints of Checkmk in Checkmk < 2.3.0p10 < 2.2.0p31, < 2.1.0p46, <= 2.0.0p39 allows remote attacker to bypass authentication and access data
9.8
Critique
CVE-2024-6052 2024-07-03 14h30 +00:00 Stored XSS in Checkmk before versions 2.3.0p8, 2.2.0p29, 2.1.0p45, and 2.0.0 (EOL) allows users to execute arbitrary scripts by injecting HTML elements
6.5
Moyen
CVE-2024-38857 2024-07-02 08h11 +00:00 Improper neutralization of input in Checkmk before versions 2.3.0p8, 2.2.0p28, 2.1.0p45, and 2.0.0 (EOL) allows attackers to craft malicious links that can facilitate phishing attacks.
6.1
Moyen
CVE-2024-28830 2024-06-26 07h56 +00:00 Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p7, <2.2.0p28, <2.1.0p45 and <=2.0.0p39 (EOL) causes automation user secrets to be written to audit log files accessible to administrators.
2.7
Bas
CVE-2024-28832 2024-06-25 11h45 +00:00 Stored XSS in the Crash Report page in Checkmk before versions 2.3.0p7, 2.2.0p28, 2.1.0p45, and 2.0.0 (EOL) allows users with permission to change Global Settings to execute arbitrary scripts by injecting HTML elements into the Crash Report URL in the Global Settings.
4.8
Moyen
CVE-2024-28831 2024-06-25 11h45 +00:00 Stored XSS in some confirmation pop-ups in Checkmk before versions 2.3.0p7 and 2.2.0p28 allows Checkmk users to execute arbitrary scripts by injecting HTML elements into some user input fields that are shown in a confirmation pop-up.
5.4
Moyen
CVE-2024-5741 2024-06-17 11h16 +00:00 Stored XSS in inventory tree rendering in Checkmk before 2.3.0p7, 2.2.0p28, 2.1.0p45 and 2.0.0 (EOL)
6.5
Moyen
CVE-2024-28826 2024-05-29 10h00 +00:00 Improper restriction of local upload and download paths in check_sftp in Checkmk before 2.3.0p4, 2.2.0p27, 2.1.0p44, and in Checkmk 2.0.0 (EOL) allows attackers with sufficient permissions to configure the check to read and write local files on the Checkmk site server.
8.8
Haute
CVE-2024-3367 2024-04-16 11h59 +00:00 Argument injection in websphere_mq agent plugin in Checkmk 2.0.0, 2.1.0, <2.2.0p26 and <2.3.0b5 allows local attacker to inject one argument to runmqsc
6.5
Moyen