CVE-2023-6287 – Backup password in GET parameter
https://notcve.org/view.php?id=CVE-2023-6287
Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance before 1.6.8 allows a local attacker to retrieve passwords via reading log files.
• https://checkmk.com/werk/9554
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
• CWE-532: Insertion of Sensitive Information into Log File
• CWE-598: Use of GET Request Method With Sensitive Query Strings
CVE-2023-22318 – Denial of service against webconf
https://notcve.org/view.php?id=CVE-2023-22318
Denial of service in Webconf in Tribe29 Checkmk Appliance before 1.6.5.
• https://checkmk.com/werk/9526
• CWE-412: Unrestricted Externally Accessible Lock
• CWE-667: Improper Locking
CVE-2023-22309 – Reflected Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-22309
Reflective Cross-Site-Scripting in Webconf in Tribe29 Checkmk Appliance before 1.6.4.
• https://checkmk.com/werk/9523
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
• CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
CVE-2023-22307 – Site-Passwords in GET parameters
https://notcve.org/view.php?id=CVE-2023-22307
Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance before 1.6.4 allows a local attacker to retrieve passwords via reading log files.
• https://checkmk.com/werk/9522
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
• CWE-598: Use of GET Request Method With Sensitive Query Strings
• CWE-668: Exposure of Resource to Wrong Sphere