Checkmk: >> Checkmk >> 2.3.0 Security Vulnerabilities
Improper restriction of local upload and download paths in check_sftp in Checkmk before 2.3.0p4, 2.2.0p27, 2.1.0p44, and in Checkmk 2.0.0 (EOL) allows attackers with sufficient permissions to configure the check to read and write local files on the Checkmk site server.
CVSS Score
8.8
EPSS Score
0.004
Published
2024-05-29
Improper restriction of excessive authentication attempts on some authentication methods in Checkmk before 2.3.0b5 (beta), 2.2.0p26, 2.1.0p43, and in Checkmk 2.0.0 (EOL) facilitates password brute-forcing.
CVSS Score
5.9
EPSS Score
0.001
Published
2024-04-24
Argument injection in websphere_mq agent plugin in Checkmk 2.0.0, 2.1.0, <2.2.0p26 and <2.3.0b5 allows local attacker to inject one argument to runmqsc
CVSS Score
6.5
EPSS Score
0.001
Published
2024-04-16
Stored XSS in graph rendering in Checkmk <2.3.0b4.
CVSS Score
4.6
EPSS Score
0.006
Published
2024-04-05
Least privilege violation in the Checkmk agent plugins mk_oracle, mk_oracle.ps1, and mk_oracle_crs before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows local users to escalate privileges.
CVSS Score
8.2
EPSS Score
0.0
Published
2024-03-22
Invocation of the sqlplus command with sensitive information in the command line in the mk_oracle Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows the extraction of this information from the process list.
CVSS Score
3.8
EPSS Score
0.001
Published
2024-03-22
Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows local users to escalate privileges.
CVSS Score
8.8
EPSS Score
0.001
Published
2024-03-22
Page 3