Page 8 of 58 results (0.011 seconds)

CVSS: 5.4EPSS: 0%CPEs: 77EXPL: 0

HTML Email Injection in Tribe29 Checkmk <=2.1.0p23; <=2.0.0p34, and all versions of Checkmk 1.6.0 allows an authenticated attacker to inject malicious HTML into Emails • https://checkmk.com/werk/15069 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-138: Improper Neutralization of Special Elements •

CVSS: 5.4EPSS: 0%CPEs: 111EXPL: 0

Cross-site Request Forgery (CSRF) in Tribe29's Checkmk <= 2.1.0p17, Checkmk <= 2.0.0p31, and all versions of Checkmk 1.6.0 (EOL) allow an attacker to add new visual elements to multiple pages. • https://checkmk.com/werk/14924 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.5EPSS: 0%CPEs: 105EXPL: 0

Sensitive host secret disclosed in cmk-update-agent.log file in Tribe29's Checkmk <= 2.1.0p13, Checkmk <= 2.0.0p29, and all versions of Checkmk 1.6.0 (EOL) allows an attacker to gain access to the host secret through the unprotected agent updater log file. • https://checkmk.com/werk/14916 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-532: Insertion of Sensitive Information into Log File •

CVSS: 5.3EPSS: 0%CPEs: 62EXPL: 0

No authorisation controls in the RestAPI documentation for Tribe29's Checkmk <= 2.1.0p13 and Checkmk <= 2.0.0p29 which may lead to unintended information disclosure through automatically generated user specific tags within Rest API documentation. • https://checkmk.com/werk/14509 • CWE-862: Missing Authorization •

CVSS: 9.8EPSS: 0%CPEs: 58EXPL: 0

Expired sessions were not securely terminated in the RestAPI for Tribe29's Checkmk <= 2.1.0p10 and Checkmk <= 2.0.0p28 allowing an attacker to use expired session tokens when communicating with the RestAPI. • https://checkmk.com/werk/14485 • CWE-613: Insufficient Session Expiration •