fkie_cve-2023-2020
Vulnerability from fkie_nvd
Published
2023-04-18 12:15
Modified
2024-11-21 07:57
Summary
Insufficient permission checks in the REST API in Tribe29 Checkmk <= 2.1.0p27 and <= 2.2.0b4 (beta) allow unauthorized users to schedule downtimes for any host.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "1AE224D8-742B-4D1F-ABBE-3DDA3EA5C5AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b1:*:*:*:*:*:*",
              "matchCriteriaId": "1E6FCE7B-7ECE-42A4-82C5-12A647B0CCC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b2:*:*:*:*:*:*",
              "matchCriteriaId": "923AA113-D5E7-4F78-88BA-B72EF250F3EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b3:*:*:*:*:*:*",
              "matchCriteriaId": "B1984F57-A313-48AC-B8F9-F352D82824D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b4:*:*:*:*:*:*",
              "matchCriteriaId": "A38DB527-72A6-40B8-B46F-B8E78BFFDB1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b5:*:*:*:*:*:*",
              "matchCriteriaId": "67643E11-91A1-4580-BC4C-574074C862CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b6:*:*:*:*:*:*",
              "matchCriteriaId": "350B7E0F-D234-4D7C-91E4-F35E73579A24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b7:*:*:*:*:*:*",
              "matchCriteriaId": "DE58ACA9-8078-46A7-8487-C06E4E38F372",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b8:*:*:*:*:*:*",
              "matchCriteriaId": "B3D8CF4D-E1F8-4D8D-A8A9-1783CAC869E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:b9:*:*:*:*:*:*",
              "matchCriteriaId": "58B0B051-7D3C-4EC7-96B0-38A1CC108D61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p1:*:*:*:*:*:*",
              "matchCriteriaId": "B783A741-AAF2-43EE-8272-9239133A01E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p10:*:*:*:*:*:*",
              "matchCriteriaId": "A5F275A3-A99E-40E1-BD77-694FA568541F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p11:*:*:*:*:*:*",
              "matchCriteriaId": "3A44BF1A-5BE0-4412-B51D-055445758B61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p12:*:*:*:*:*:*",
              "matchCriteriaId": "A31BAE94-9096-4320-AC19-AA204E8EC08D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p13:*:*:*:*:*:*",
              "matchCriteriaId": "1B0784EA-98E8-4490-B97B-894F188A223D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p14:*:*:*:*:*:*",
              "matchCriteriaId": "A56A901F-1040-4DB9-9BE3-FE1999C514CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p15:*:*:*:*:*:*",
              "matchCriteriaId": "58A904FC-C015-469D-8502-E678D5FDBD06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p16:*:*:*:*:*:*",
              "matchCriteriaId": "1B5D109C-60AA-4FA4-9B10-2191AAF109F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p17:*:*:*:*:*:*",
              "matchCriteriaId": "37297866-24BB-4044-8744-EC0A8C29F152",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p18:*:*:*:*:*:*",
              "matchCriteriaId": "F9D4A171-CCB3-43B8-8B70-78610423E7C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p2:*:*:*:*:*:*",
              "matchCriteriaId": "4DA8F776-A724-48FC-B7EF-13788BC69753",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p20:*:*:*:*:*:*",
              "matchCriteriaId": "46F42A22-99F2-4DF5-9B00-3123396F87AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p21:*:*:*:*:*:*",
              "matchCriteriaId": "1C59D4D3-D526-4E6B-B3AA-FE485D030190",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p22:*:*:*:*:*:*",
              "matchCriteriaId": "65E5CAE6-DC8B-47B3-84A0-D79B0C33EB45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p23:*:*:*:*:*:*",
              "matchCriteriaId": "8B9E0D89-79E2-476A-8A3E-8443316BC310",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p24:*:*:*:*:*:*",
              "matchCriteriaId": "38EA0591-C30B-4102-8A06-1B922FD3A0C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p25:*:*:*:*:*:*",
              "matchCriteriaId": "5E9AF0D3-8DD6-4EC7-BB33-54401D4025FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p26:*:*:*:*:*:*",
              "matchCriteriaId": "983604CC-DD2C-42A9-8B9D-A9A261CE8BA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p27:*:*:*:*:*:*",
              "matchCriteriaId": "224960F7-695C-415B-B991-E8C01859AA80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p3:*:*:*:*:*:*",
              "matchCriteriaId": "076463AA-195F-4CD6-861B-72FE1C8A407F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p4:*:*:*:*:*:*",
              "matchCriteriaId": "63043834-98E5-47C2-91F1-41B98270ABCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p5:*:*:*:*:*:*",
              "matchCriteriaId": "FCF745D0-2EA6-4414-90BC-99D3ED08BB01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p6:*:*:*:*:*:*",
              "matchCriteriaId": "4823087F-D7FA-4594-8FD3-412DE5EA1F02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6429F9CE-D477-4CFF-B6E0-4BF11B61ED0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p8:*:*:*:*:*:*",
              "matchCriteriaId": "A50C58F9-94ED-4D85-8331-2D81F8E0760A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:p9:*:*:*:*:*:*",
              "matchCriteriaId": "9A6AC0BD-FB65-4FAA-B344-66F87F16F8B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b1:*:*:*:*:*:*",
              "matchCriteriaId": "B068974F-6F67-4CBB-B567-FCED86E28F22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b2:*:*:*:*:*:*",
              "matchCriteriaId": "EA70F36A-EEF6-48DC-B15E-055D0DE8A052",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b3:*:*:*:*:*:*",
              "matchCriteriaId": "B2017F38-38DB-4E96-B34F-160BC731CBBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b4:*:*:*:*:*:*",
              "matchCriteriaId": "0949F399-371B-409C-AF9F-32690D881440",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:i1:*:*:*:*:*:*",
              "matchCriteriaId": "4F0B99A8-A124-43BD-B8AA-EECC9112346F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Insufficient permission checks in the REST API in Tribe29 Checkmk \u003c= 2.1.0p27 and \u003c= 2.2.0b4 (beta) allow unauthorized users to schedule downtimes for any host."
    }
  ],
  "id": "CVE-2023-2020",
  "lastModified": "2024-11-21T07:57:46.397",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "security@checkmk.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-04-18T12:15:07.537",
  "references": [
    {
      "source": "security@checkmk.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://checkmk.com/werk/13981"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://checkmk.com/werk/13981"
    }
  ],
  "sourceIdentifier": "security@checkmk.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-280"
        }
      ],
      "source": "security@checkmk.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.


Loading…

Loading…