MEDIUM: 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Default status: unaffected
2.4.0 (semver) before 2.4.0p23: affected
2.3.0 (semver) before 2.3.0p43: affected
2.2.0 (semver): affected
Description
Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p23, 2.3.0 before 2.3.0p43, and 2.2.0 (EOL) allows unauthenticated users to enumerate existing hosts by observing different HTTP response codes from the deploy_agent endpoint, which could lead to information disclosure.
Problem types
CWE-204: Observable Response Discrepancy