Insufficient permission validation in Checkmk 2.4.0 before version 2.4.0p16 allows low-privileged users to modify notification parameters via the REST API, which could lead to unauthorized actions or information disclosure.
2025-11-18T16:15:44.930
2025-11-24T13:58:28.350
Analyzed
CVSSv3.1: 5.4 (MEDIUM)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | checkmk | checkmk | 2.4.0 | Yes |
| Application | checkmk | checkmk | 2.4.0 | Yes |
| Application | checkmk | checkmk | 2.4.0 | Yes |
| Application | checkmk | checkmk | 2.4.0 | Yes |
| Application | checkmk | checkmk | 2.4.0 | Yes |
| Application | checkmk | checkmk | 2.4.0 | Yes |
| Application | checkmk | checkmk | 2.4.0 | Yes |
| Application | checkmk | checkmk | 2.4.0 | Yes |
| Application | checkmk | checkmk | 2.4.0 | Yes |
| Application | checkmk | checkmk | 2.4.0 | Yes |
| Application | checkmk | checkmk | 2.4.0 | Yes |
| Application | checkmk | checkmk | 2.4.0 | Yes |
| Application | checkmk | checkmk | 2.4.0 | Yes |
| Application | checkmk | checkmk | 2.4.0 | Yes |
| Application | checkmk | checkmk | 2.4.0 | Yes |
| Application | checkmk | checkmk | 2.4.0 | Yes |
| Application | checkmk | checkmk | 2.4.0 | Yes |
| Application | checkmk | checkmk | 2.4.0 | Yes |
| Application | checkmk | checkmk | 2.4.0 | Yes |
| Application | checkmk | checkmk | 2.4.0 | Yes |
| Application | checkmk | checkmk | 2.4.0 | Yes |
| Application | checkmk | checkmk | 2.4.0 | Yes |