CVE-2024-38862 – SNMP and IMPI secrets written to audit log
https://notcve.org/view.php?id=CVE-2024-38862
Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p18, <2.2.0p35, <2.1.0p48 and <=2.0.0p39 (EOL) causes SNMP and IMPI secrets of host and folder properties to be written to audit log files accessible to administrators. La inserción de información confidencial en el archivo de registro en las versiones de Checkmk de Checkmk GmbH <2.3.0p18, <2.2.0p35, <2.1.0p48 y <=2.0.0p39 (EOL) hace que los secretos SNMP e IMPI de las propiedades del host y de la carpeta se escriban en archivos de registro de auditoría accesibles para los administradores. • https://checkmk.com/werk/17095 • CWE-532: Insertion of Sensitive Information into Log File •
CVE-2024-6747 – Information leak in mknotifyd
https://notcve.org/view.php?id=CVE-2024-6747
Information leakage in mknotifyd in Checkmk before 2.3.0p18, 2.2.0p36, 2.1.0p49 and in 2.0.0p39 (EOL) allows attacker to get potentially sensitive data La fuga de información en mknotifyd en Checkmk anterior a 2.3.0p18, 2.2.0p36, 2.1.0p49 y en 2.0.0p39 (EOL) permite a un atacante obtener datos potencialmente confidenciales • https://checkmk.com/werk/17145 • CWE-201: Insertion of Sensitive Information Into Sent Data •
CVE-2024-6572 – Improper host key checking in active check 'Check SFTP Service' and special agent 'VNX quotas and filesystem'
https://notcve.org/view.php?id=CVE-2024-6572
Improper host key checking in active check 'Check SFTP Service' and special agent 'VNX quotas and filesystem' in Checkmk before Checkmk 2.3.0p15, 2.2.0p33, 2.1.0p48 and 2.0.0 (EOL) allows man-in-the-middle attackers to intercept traffic La verificación incorrecta de la clave del host en la verificación activa 'Check SFTP Service' y el agente especial 'VNX quotas and filesystem' en Checkmk anterior a Checkmk 2.3.0p15, 2.2.0p33, 2.1.0p48 y 2.0.0 (EOL) permite a los atacantes intermediarios interceptar el tráfico • https://checkmk.com/werk/17148 • CWE-322: Key Exchange without Entity Authentication •
CVE-2024-38859 – XSS in view page with SLA column
https://notcve.org/view.php?id=CVE-2024-38859
XSS in the view page with the SLA column configured in Checkmk versions prior to 2.3.0p14, 2.2.0p33, 2.1.0p47 and 2.0.0 (EOL) allowed malicious users to execute arbitrary scripts by injecting HTML elements into the SLA column title. These scripts could be executed when the view page was cloned by other users. • https://checkmk.com/werk/17026 • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVE-2024-28829 – Privilege escalation in mk_informix plugin
https://notcve.org/view.php?id=CVE-2024-28829
Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2.3.0p12, 2.2.0p32, 2.1.0p47 and 2.0.0 (EOL) allows local users to escalate privileges. La violación de privilegios mínimos y la dependencia de entradas no confiables en el complemento del agente Checkmk mk_informix anterior a Checkmk 2.3.0p12, 2.2.0p32, 2.1.0p47 y 2.0.0 (EOL) permite que los usuarios locales escalen privilegios. • https://checkmk.com/werk/16249 • CWE-272: Least Privilege Violation CWE-807: Reliance on Untrusted Inputs in a Security Decision •