Check Mk Project: >> Check Mk >> 1.2.5 Security Vulnerabilities
Check_MK through 1.2.5i2p1 allows local users to read arbitrary files via a symlink attack to a file in /var/lib/check_mk_agent/job.
CVSS Score
5.5
EPSS Score
0.0
Published
2018-07-19
Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allows remote authenticated users to write check_mk config files (.mk files) to arbitrary locations via vectors related to row selections.
CVSS Score
4.9
EPSS Score
0.005
Published
2014-09-02
The wato component in Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to an automation URL.
CVSS Score
9.3
EPSS Score
0.032
Published
2014-09-02
Multiple cross-site scripting (XSS) vulnerabilities in the multisite component in Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors to the (1) render_status_icons function in htmllib.py or (2) ajax_action function in actions.py.
CVSS Score
3.5
EPSS Score
0.003
Published
2014-08-22