Lucene search

PRIOn knowledge basePRION:CVE-2023-2020

HistoryApr 18, 2023 - 12:15 p.m.

Design/Logic Flaw

2023-04-1812:15:00

PRIOn knowledge base

www.prio-n.com

design flaw

logic flaw

permission checks

rest api

tribe29 checkmk

unauthorized users

schedule downtimes

security vulnerability

nvd

4.5 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.7%

JSON

Insufficient permission checks in the REST API in Tribe29 Checkmk <= 2.1.0p27 and <= 2.2.0b4 (beta) allow unauthorized users to schedule downtimes for any host.

CPENameOperatorVersion
checkmkeq2.1.0 b2
checkmkeq2.1.0 b3
checkmkeq2.1.0 b4
checkmkeq2.1.0 b5
checkmkeq2.1.0 b6
checkmkeq2.1.0 b7
checkmkeq2.1.0 b8
checkmkeq2.1.0 b9
checkmkeq2.1.0 b1
checkmkeq2.2.0 i1

Name	Operator	Version
checkmk	eq	2.1.0 b2
checkmk	eq	2.1.0 b3
checkmk	eq	2.1.0 b4
checkmk	eq	2.1.0 b5
checkmk	eq	2.1.0 b6
checkmk	eq	2.1.0 b7
checkmk	eq	2.1.0 b8
checkmk	eq	2.1.0 b9
checkmk	eq	2.1.0 b1
checkmk	eq	2.2.0 i1

Rows per page:

1-10 of 411

References

checkmk.com/werk/13981