Vulnerabilities > CVE-2023-2020 - Incorrect Authorization vulnerability in Checkmk 2.1.0/2.2.0

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
NONE
Integrity impact
LOW
Availability impact
NONE
network
low complexity
checkmk
CWE-863

Summary

Insufficient permission checks in the REST API in Tribe29 Checkmk <= 2.1.0p27 and <= 2.2.0b4 (beta) allow unauthorized users to schedule downtimes for any host.

Vulnerable Configurations

Part Description Count
Application
Checkmk
41

Common Weakness Enumeration (CWE)