CVE-2024-28829 – Privilege escalation in mk_informix plugin
https://notcve.org/view.php?id=CVE-2024-28829
Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2.3.0p12, 2.2.0p32, 2.1.0p47 and 2.0.0 (EOL) allows local users to escalate privileges. La violación de privilegios mínimos y la dependencia de entradas no confiables en el complemento del agente Checkmk mk_informix anterior a Checkmk 2.3.0p12, 2.2.0p32, 2.1.0p47 y 2.0.0 (EOL) permite que los usuarios locales escalen privilegios. • https://checkmk.com/werk/16249 • CWE-272: Least Privilege Violation CWE-807: Reliance on Untrusted Inputs in a Security Decision •
CVE-2024-6542 – Livestatus injection in mknotifyd
https://notcve.org/view.php?id=CVE-2024-6542
Improper neutralization of livestatus command delimiters in mknotifyd in Checkmk <= 2.0.0p39, < 2.1.0p47, < 2.2.0p32 and < 2.3.0p11 allows arbitrary livestatus command execution. La neutralización incorrecta de los delimitadores de comandos de estado de vida en mknotifyd en Checkmk <= 2.0.0p39, < 2.1.0p47, < 2.2.0p32 y < 2.3.0p11 permite la ejecución arbitraria de comandos de estado de vida. • https://checkmk.com/werk/17013 • CWE-140: Improper Neutralization of Delimiters •
CVE-2024-28828 – 1-Click compromize via CSRF
https://notcve.org/view.php?id=CVE-2024-28828
Cross-Site request forgery in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, and <= 2.0.0p39 (EOL) could lead to 1-click compromize of the site. Cross-Site Request Forgery en Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45 y <= 2.0.0p39 (EOL) podría provocar que el sitio se comprometa con 1 clic. • https://checkmk.com/werk/17090 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2024-28827 – Privilege escalation in Windows agent
https://notcve.org/view.php?id=CVE-2024-28827
Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, and <= 2.0.0p39 (EOL) allows a local attacker to gain SYSTEM privileges. Permisos incorrectos en el directorio de datos del agente de Windows Checkmk en Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45 y <= 2.0.0p39 (EOL) permiten a un atacante local obtener privilegios de SYSTEM. • https://checkmk.com/werk/16845 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2024-6163 – local IP restriction of internal HTTP endpoints
https://notcve.org/view.php?id=CVE-2024-6163
Certain http endpoints of Checkmk in Checkmk < 2.3.0p10 < 2.2.0p31, < 2.1.0p46, <= 2.0.0p39 allows remote attacker to bypass authentication and access data • https://checkmk.com/werk/17011 • CWE-290: Authentication Bypass by Spoofing •