It was discovered that Checkmk incorrectly handled authentication. An attacker could possibly use this issue to cause a race condition leading to information disclosure. (CVE-2017-14955)
It was discovered that Checkmk incorrectly handled certain inputs. An attacker could use these cross-site scripting issues to inject arbitrary html or javascript code to obtain sensitive information including user information, session cookies and valid credentials. (CVE-2017-9781, CVE-2021-36563, CVE-2021-40906, CVE-2022-24565)
{ "availability": "No subscription required", "binaries": [ { "binary_name": "check-mk-agent", "binary_version": "1.2.8p16-1ubuntu0.2" }, { "binary_name": "check-mk-agent-logwatch", "binary_version": "1.2.8p16-1ubuntu0.2" }, { "binary_name": "check-mk-config-icinga", "binary_version": "1.2.8p16-1ubuntu0.2" }, { "binary_name": "check-mk-livestatus", "binary_version": "1.2.8p16-1ubuntu0.2" }, { "binary_name": "check-mk-multisite", "binary_version": "1.2.8p16-1ubuntu0.2" }, { "binary_name": "check-mk-server", "binary_version": "1.2.8p16-1ubuntu0.2" } ] }
{ "cves_map": { "ecosystem": "Ubuntu:18.04:LTS", "cves": [ { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2017-9781" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2017-14955" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "type": "Ubuntu", "score": "low" } ], "id": "CVE-2021-36563" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2021-40906" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2022-24565" } ] } }