CVE-2024-28833 – Missing brute-force protection for two factor authentication
https://notcve.org/view.php?id=CVE-2024-28833
Improper restriction of excessive authentication attempts with two factor authentication methods in Checkmk 2.3 before 2.3.0p6 facilitates brute-forcing of second factor mechanisms. La restricción inadecuada de intentos de autenticación excesivos con métodos de autenticación de dos factores en Checkmk 2.3 anterior a 2.3.0p6 facilita la fuerza bruta de los mecanismos de segundo factor. • https://checkmk.com/werk/16830 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVE-2023-6740 – Privilege escalation in jar_signature
https://notcve.org/view.php?id=CVE-2023-6740
Privilege escalation in jar_signature agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges La escalada de privilegios en el complemento del agente jar_signature en Checkmk anterior a 2.2.0p17, 2.1.0p37 y 2.0.0p39 permite al usuario local escalar privilegios • https://checkmk.com/werk/16163 • CWE-269: Improper Privilege Management CWE-427: Uncontrolled Search Path Element •
CVE-2023-6735 – Privilege escalation in mk_tsm
https://notcve.org/view.php?id=CVE-2023-6735
Privilege escalation in mk_tsm agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges La escalada de privilegios en el complemento del agente mk_tsm en Checkmk anterior a 2.2.0p17, 2.1.0p37 y 2.0.0p39 permite al usuario local escalar privilegios • https://checkmk.com/werk/16273 • CWE-20: Improper Input Validation CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') CWE-269: Improper Privilege Management •
CVE-2023-31211 – Disabled automation users could still authenticate
https://notcve.org/view.php?id=CVE-2023-31211
Insufficient authentication flow in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows attacker to use locked credentials El flujo de autenticación insuficiente en Checkmk anterior a 2.2.0p17, 2.1.0p37 y 2.0.0p39 permite al atacante utilizar credenciales bloqueadas • https://checkmk.com/werk/16227 • CWE-303: Incorrect Implementation of Authentication Algorithm CWE-670: Always-Incorrect Control Flow Implementation CWE-691: Insufficient Control Flow Management •
CVE-2023-31210 – Privilege escalation in agent via LD_LIBRARY_PATH
https://notcve.org/view.php?id=CVE-2023-31210
Usage of user controlled LD_LIBRARY_PATH in agent in Checkmk 2.2.0p10 up to 2.2.0p16 allows malicious Checkmk site user to escalate rights via injection of malicious libraries El uso de LD_LIBRARY_PATH controlado por el usuario en el agente en Checkmk 2.2.0p10 hasta 2.2.0p16 permite a un usuario malicioso del sitio Checkmk escalar derechos mediante la inyección de librerías maliciosas • https://checkmk.com/werk/16226 • CWE-427: Uncontrolled Search Path Element •