5 matches found
CVE-2026-2859
Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p23, 2.3.0 before 2.3.0p43, and 2.2.0 EOL allows unauthenticated users to enumerate existing hosts by observing different HTTP response codes in deployagent endpoint, which could lead to information disclosure...
CVE-2026-24097 Authenticated Host Enumeration via Observable Response Discrepancy on Agent Register Existing Endpoint
Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p23, 2.3.0 before 2.3.0p43, and 2.2.0 EOL allows authenticated users to enumerate existing hosts by observing different HTTP response codes in agent-receiver/registerexisting endpoint, which could lead to information disclosure...
PT-2026-25169
Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p23, 2.3.0 before 2.3.0p43, and 2.2.0 EOL allows unauthenticated users to enumerate existing hosts by observing different HTTP response codes in deploy agent endpoint, which could lead to information disclosure...
PT-2026-25168
Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p23, 2.3.0 before 2.3.0p43, and 2.2.0 EOL allows authenticated users to enumerate existing hosts by observing different HTTP response codes in agent-receiver/register existing endpoint, which could lead to information disclosur...
Authorization Bypass
org.apache.activemq:artemis-server is vulnerable to Authorization Bypass. The vulnerability is due to improper permission enforcement due to users being able to augment the routing-type of an address without having the necessary createAddress permission, potentially allowing unauthorized message...