CVE-2023-6251 – CSRF in delete_user_message
https://notcve.org/view.php?id=CVE-2023-6251
Cross-site Request Forgery (CSRF) in Checkmk < 2.2.0p15, < 2.1.0p37, <= 2.0.0p39 allow an authenticated attacker to delete user-messages for individual users. Cross-site Request Forgery (CSRF) en Checkmk < 2.2.0p15, < 2.1.0p37, <= 2.0.0p39 permite a un atacante autenticado eliminar mensajes de usuario para usuarios individuales. • https://checkmk.com/werk/16224 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-6157 – Livestatus injection in ajax_search
https://notcve.org/view.php?id=CVE-2023-6157
Improper neutralization of livestatus command delimiters in ajax_search in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15 allows arbitrary livestatus command execution for authorized users. La neutralización inadecuada de los delimitadores de comandos de estado de vida en ajax_search en Checkmk <= 2.0.0p39, < 2.1.0p37 y < 2.2.0p15 permite la ejecución arbitraria de comandos de estado de vida para usuarios autorizados. • https://checkmk.com/werk/16221 • CWE-140: Improper Neutralization of Delimiters •
CVE-2023-6156 – Livestatus injection in availability timeline
https://notcve.org/view.php?id=CVE-2023-6156
Improper neutralization of livestatus command delimiters in the availability timeline in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15 allows arbitrary livestatus command execution for authorized users. La neutralización inadecuada de los delimitadores de comandos de estado de vida en la línea de tiempo de disponibilidad en Checkmk <= 2.0.0p39, < 2.1.0p37 y < 2.2.0p15 permite la ejecución arbitraria de comandos de estado de vida para usuarios autorizados. • https://checkmk.com/werk/16221 • CWE-140: Improper Neutralization of Delimiters •
CVE-2023-23549 – DoS via long hostnames
https://notcve.org/view.php?id=CVE-2023-23549
Improper Input Validation in Checkmk <2.2.0p15, <2.1.0p37, <=2.0.0p39 allows priviledged attackers to cause partial denial of service of the UI via too long hostnames. La validación de entrada inadecuada en Checkmk <2.2.0p15, <2.1.0p37, <=2.0.0p39 permite a atacantes privilegiados provocar una denegación parcial de servicio de la interfaz de usuario a través de nombres de host demasiado largos. • https://checkmk.com/werk/16219 • CWE-20: Improper Input Validation CWE-1284: Improper Validation of Specified Quantity in Input •
CVE-2023-31209 – Command injection via active checks and REST API
https://notcve.org/view.php?id=CVE-2023-31209
Improper neutralization of active check command arguments in Checkmk < 2.1.0p32, < 2.0.0p38, < 2.2.0p4 leads to arbitrary command execution for authenticated users. • https://checkmk.com/werk/15194 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •