CVSS: 8.8EPSS: 0%CPEs: 118EXPL: 0CVE-2023-31211 – Disabled automation users could still authenticate
https://notcve.org/view.php?id=CVE-2023-31211
Insufficient authentication flow in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows attacker to use locked credentials El flujo de autenticación insuficiente en Checkmk anterior a 2.2.0p17, 2.1.0p37 y 2.0.0p39 permite al atacante utilizar credenciales bloqueadas • https://checkmk.com/werk/16227 • CWE-303: Incorrect Implementation of Authentication Algorithm CWE-670: Always-Incorrect Control Flow Implementation CWE-691: Insufficient Control Flow Management •
CVSS: 3.5EPSS: 0%CPEs: 119EXPL: 0CVE-2023-6251 – CSRF in delete_user_message
https://notcve.org/view.php?id=CVE-2023-6251
Cross-site Request Forgery (CSRF) in Checkmk < 2.2.0p15, < 2.1.0p37, <= 2.0.0p39 allow an authenticated attacker to delete user-messages for individual users. Cross-site Request Forgery (CSRF) en Checkmk < 2.2.0p15, < 2.1.0p37, <= 2.0.0p39 permite a un atacante autenticado eliminar mensajes de usuario para usuarios individuales. • https://checkmk.com/werk/16224 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 119EXPL: 0CVE-2023-6157 – Livestatus injection in ajax_search
https://notcve.org/view.php?id=CVE-2023-6157
Improper neutralization of livestatus command delimiters in ajax_search in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15 allows arbitrary livestatus command execution for authorized users. La neutralización inadecuada de los delimitadores de comandos de estado de vida en ajax_search en Checkmk <= 2.0.0p39, < 2.1.0p37 y < 2.2.0p15 permite la ejecución arbitraria de comandos de estado de vida para usuarios autorizados. • https://checkmk.com/werk/16221 • CWE-140: Improper Neutralization of Delimiters •
CVSS: 8.8EPSS: 0%CPEs: 119EXPL: 0CVE-2023-6156 – Livestatus injection in availability timeline
https://notcve.org/view.php?id=CVE-2023-6156
Improper neutralization of livestatus command delimiters in the availability timeline in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15 allows arbitrary livestatus command execution for authorized users. La neutralización inadecuada de los delimitadores de comandos de estado de vida en la línea de tiempo de disponibilidad en Checkmk <= 2.0.0p39, < 2.1.0p37 y < 2.2.0p15 permite la ejecución arbitraria de comandos de estado de vida para usuarios autorizados. • https://checkmk.com/werk/16221 • CWE-140: Improper Neutralization of Delimiters •
CVSS: 2.7EPSS: 0%CPEs: 118EXPL: 0CVE-2023-23549 – DoS via long hostnames
https://notcve.org/view.php?id=CVE-2023-23549
Improper Input Validation in Checkmk <2.2.0p15, <2.1.0p37, <=2.0.0p39 allows priviledged attackers to cause partial denial of service of the UI via too long hostnames. La validación de entrada inadecuada en Checkmk <2.2.0p15, <2.1.0p37, <=2.0.0p39 permite a atacantes privilegiados provocar una denegación parcial de servicio de la interfaz de usuario a través de nombres de host demasiado largos. • https://checkmk.com/werk/16219 • CWE-20: Improper Input Validation CWE-1284: Improper Validation of Specified Quantity in Input •