PT-2026-25169 · Checkmk Gmbh+3 · Checkmk
Michał Krawczyk
+1
·
Publicado
2026-03-13
·
Atualizado
2026-03-13
·
CVE-2026-2859
CVSS v4.0
6.3
Média
| Vetor | AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
Checkmk versions 2.4.0 through 2.4.0p22
Checkmk versions 2.3.0 through 2.3.0p42
Checkmk version 2.2.0
Description
Improper permission enforcement allows unauthenticated users to enumerate existing hosts by observing different HTTP response codes in the
deploy agent API endpoint, potentially leading to information disclosure.Recommendations
Update Checkmk to version 2.4.0p23 or later.
Update Checkmk to version 2.3.0p43 or later.
Checkmk version 2.2.0 is end-of-life and should be upgraded to a supported version.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Checkmk