CVE-2023-6740 – Privilege escalation in jar_signature
https://notcve.org/view.php?id=CVE-2023-6740
Privilege escalation in jar_signature agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges La escalada de privilegios en el complemento del agente jar_signature en Checkmk anterior a 2.2.0p17, 2.1.0p37 y 2.0.0p39 permite al usuario local escalar privilegios • https://checkmk.com/werk/16163 • CWE-269: Improper Privilege Management CWE-427: Uncontrolled Search Path Element •
CVE-2023-6735 – Privilege escalation in mk_tsm
https://notcve.org/view.php?id=CVE-2023-6735
Privilege escalation in mk_tsm agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges La escalada de privilegios en el complemento del agente mk_tsm en Checkmk anterior a 2.2.0p17, 2.1.0p37 y 2.0.0p39 permite al usuario local escalar privilegios • https://checkmk.com/werk/16273 • CWE-20: Improper Input Validation CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') CWE-269: Improper Privilege Management •
CVE-2023-31211 – Disabled automation users could still authenticate
https://notcve.org/view.php?id=CVE-2023-31211
Insufficient authentication flow in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows attacker to use locked credentials El flujo de autenticación insuficiente en Checkmk anterior a 2.2.0p17, 2.1.0p37 y 2.0.0p39 permite al atacante utilizar credenciales bloqueadas • https://checkmk.com/werk/16227 • CWE-303: Incorrect Implementation of Authentication Algorithm CWE-670: Always-Incorrect Control Flow Implementation CWE-691: Insufficient Control Flow Management •
CVE-2023-31210 – Privilege escalation in agent via LD_LIBRARY_PATH
https://notcve.org/view.php?id=CVE-2023-31210
Usage of user controlled LD_LIBRARY_PATH in agent in Checkmk 2.2.0p10 up to 2.2.0p16 allows malicious Checkmk site user to escalate rights via injection of malicious libraries El uso de LD_LIBRARY_PATH controlado por el usuario en el agente en Checkmk 2.2.0p10 hasta 2.2.0p16 permite a un usuario malicioso del sitio Checkmk escalar derechos mediante la inyección de librerías maliciosas • https://checkmk.com/werk/16226 • CWE-427: Uncontrolled Search Path Element •
CVE-2023-6251 – CSRF in delete_user_message
https://notcve.org/view.php?id=CVE-2023-6251
Cross-site Request Forgery (CSRF) in Checkmk < 2.2.0p15, < 2.1.0p37, <= 2.0.0p39 allow an authenticated attacker to delete user-messages for individual users. Cross-site Request Forgery (CSRF) en Checkmk < 2.2.0p15, < 2.1.0p37, <= 2.0.0p39 permite a un atacante autenticado eliminar mensajes de usuario para usuarios individuales. • https://checkmk.com/werk/16224 • CWE-352: Cross-Site Request Forgery (CSRF) •