CVSS: 8.2EPSS: 0%CPEs: 4EXPL: 0CVE-2024-0638 – Privilege escalation in mk_oracle plugins
https://notcve.org/view.php?id=CVE-2024-0638
Least privilege violation in the Checkmk agent plugins mk_oracle, mk_oracle.ps1, and mk_oracle_crs before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows local users to escalate privileges. La violación mínima de privilegios en los complementos del agente Checkmk mk_oracle, mk_oracle.ps1 y mk_oracle_crs antes de Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 y 2.0.0 (EOL) permite a los usuarios locales escalar privilegios. • https://checkmk.com/werk/16232 • CWE-272: Least Privilege Violation •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-0670 – Privilege escalation in windows agent
https://notcve.org/view.php?id=CVE-2024-0670
Privilege escalation in windows agent plugin in Checkmk before 2.2.0p23, 2.1.0p40 and 2.0.0 (EOL) allows local user to escalate privileges La escalada de privilegios en el complemento del agente de Windows en Checkmk anterior a 2.2.0p23, 2.1.0p40 y 2.0.0 (EOL) permite al usuario local escalar privilegios • http://seclists.org/fulldisclosure/2024/Mar/29 https://checkmk.com/werk/16361 • CWE-427: Uncontrolled Search Path Element •
CVSS: 8.8EPSS: 0%CPEs: 118EXPL: 0CVE-2023-6740 – Privilege escalation in jar_signature
https://notcve.org/view.php?id=CVE-2023-6740
Privilege escalation in jar_signature agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges La escalada de privilegios en el complemento del agente jar_signature en Checkmk anterior a 2.2.0p17, 2.1.0p37 y 2.0.0p39 permite al usuario local escalar privilegios • https://checkmk.com/werk/16163 • CWE-269: Improper Privilege Management CWE-427: Uncontrolled Search Path Element •
CVSS: 8.8EPSS: 0%CPEs: 118EXPL: 0CVE-2023-6735 – Privilege escalation in mk_tsm
https://notcve.org/view.php?id=CVE-2023-6735
Privilege escalation in mk_tsm agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges La escalada de privilegios en el complemento del agente mk_tsm en Checkmk anterior a 2.2.0p17, 2.1.0p37 y 2.0.0p39 permite al usuario local escalar privilegios • https://checkmk.com/werk/16273 • CWE-20: Improper Input Validation CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') CWE-269: Improper Privilege Management •
CVSS: 8.8EPSS: 0%CPEs: 118EXPL: 0CVE-2023-31211 – Disabled automation users could still authenticate
https://notcve.org/view.php?id=CVE-2023-31211
Insufficient authentication flow in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows attacker to use locked credentials El flujo de autenticación insuficiente en Checkmk anterior a 2.2.0p17, 2.1.0p37 y 2.0.0p39 permite al atacante utilizar credenciales bloqueadas • https://checkmk.com/werk/16227 • CWE-303: Incorrect Implementation of Authentication Algorithm CWE-670: Always-Incorrect Control Flow Implementation CWE-691: Insufficient Control Flow Management •