Vulnerabilities > CVE-2022-48318 - Missing Authorization vulnerability in Checkmk 2.0.0/2.1.0

047910
CVSS 5.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
LOW
Integrity impact
NONE
Availability impact
NONE
network
low complexity
checkmk
CWE-862

Summary

No authorisation controls in the RestAPI documentation for Tribe29's Checkmk <= 2.1.0p13 and Checkmk <= 2.0.0p29 which may lead to unintended information disclosure through automatically generated user specific tags within Rest API documentation.

Vulnerable Configurations

Part Description Count
Application
Checkmk
62

Common Weakness Enumeration (CWE)