It was discovered that Checkmk incorrectly handled authentication. An attacker could possibly use this issue to cause a race condition leading to information disclosure. (CVE-2017-14955)
It was discovered that Checkmk incorrectly handled certain inputs. An attacker could use these cross-site scripting issues to inject arbitrary html or javascript code to obtain sensitive information including user information, session cookies and valid credentials. (CVE-2017-9781, CVE-2021-36563, CVE-2021-40906, CVE-2022-24565)
{ "availability": "No subscription required", "binaries": [ { "binary_version": "1.2.8p16-1ubuntu0.2", "binary_name": "check-mk-agent" }, { "binary_version": "1.2.8p16-1ubuntu0.2", "binary_name": "check-mk-agent-logwatch" }, { "binary_version": "1.2.8p16-1ubuntu0.2", "binary_name": "check-mk-config-icinga" }, { "binary_version": "1.2.8p16-1ubuntu0.2", "binary_name": "check-mk-doc" }, { "binary_version": "1.2.8p16-1ubuntu0.2", "binary_name": "check-mk-livestatus" }, { "binary_version": "1.2.8p16-1ubuntu0.2", "binary_name": "check-mk-livestatus-dbgsym" }, { "binary_version": "1.2.8p16-1ubuntu0.2", "binary_name": "check-mk-multisite" }, { "binary_version": "1.2.8p16-1ubuntu0.2", "binary_name": "check-mk-server" } ] }