Home

Description

Files to be deployed with agents are accessible without authentication in Checkmk 2.1.0, Checkmk 2.2.0, Checkmk 2.3.0 and <Checkmk 2.4.0b6 allows attacker to access files that could contain secrets.

PUBLISHED Reserved 2025-04-10 | Published 2025-05-08 | Updated 2025-05-08 | Assigner Checkmk




MEDIUM: 6.3CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N

Problem types

CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere

Product status

Default status
unaffected

2.4.0 (semver) before 2.4.0b6
affected

2.3.0 (semver)
affected

2.2.0 (semver)
affected

2.1.0 (semver)
affected

Credits

Norman Kühnberger (IT Südwestfalen GmbH) reporter

References

checkmk.com/werk/17348

cve.org (CVE-2025-3506)

nvd.nist.gov (CVE-2025-3506)

Download JSON