CVE-2023-2020

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-2020

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-2020.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-2020

Downstream

UBUNTU-CVE-2023-2020

Published

2023-04-18T12:15:07.537Z

Modified

2025-11-20T12:24:24.607424Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

Insufficient permission checks in the REST API in Tribe29 Checkmk <= 2.1.0p27 and <= 2.2.0b4 (beta) allow unauthorized users to schedule downtimes for any host.

References

https://checkmk.com/werk/13981

Affected packages

Git / github.com/checkmk/checkmk

Affected ranges

Type: GIT
Repo: https://github.com/checkmk/checkmk
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

04c27ac750cc5a20ed931e7d920cb007897b7d3c

Last affected

0a8b67d5baf80c5677a2070c0eff2523854e88bc

Last affected

0c39f13b1a2025dd8ba4926b1da72a86d3a08661

Last affected

0e046c3b22294ef5ec66b8372ece87becf7d3430

Last affected

158833c70eca216170cdd4b16c2955106f5ce14e

Last affected

267fa27ce44b36ca91fbd6446837c5713df736fc

Last affected

30b2599d7a503a4993b801cb233784d545e2ed9a

Last affected

3958c6537b40158aa2ed18975990d680085debf4

Last affected

4a9f01eaebaa33dd83008b72d3a7f54321d42b73

Last affected

4be57271cbf081c9a1719dc3b1718b43d5e52f4b

Last affected

4f2a730421ff1fb5c192128e7dfd44b1146c044f

Last affected

508755cc7caec8829b6acb83dc8857c10f3c1d9f

Last affected

516811eef93eaf64b271a824d36503197fc53679

Last affected

5f1159fd360b7aa0947da5238b056b59d011bd31

Last affected

623dcff78335d93ebf989dc65e15c5b70ada82ce

Last affected

62baa2031dbc7dfc55f4700f98773bc5cf544f48

Last affected

6a686961c4b760c55a13cfdb61e7c02be832a0be

Last affected

6d181fbfbfbc98415313b4cb0ad96ded5ddd7abd

Last affected

83c4e71db331cd43fb0769a52ceb2b5a0188a31b

Last affected

93590d801961d180c7958a478839a07b2cbb1d77

Last affected

95921f1e4125336395d0bc85434f91c0a0f8f571

Last affected

99e799274b02e6b29392845173bb5bfccccfcaba

Last affected

9b7289dd5ced8f05ec16651360c1b2db06a9b3a2

Last affected

a486871d926fd65b3b7837372d7e52614ce63e3f

Last affected

c62ef1ec227148e32aba897ca78936ae8dc6c07e

Last affected

d2b1a66866b6d320fdae51a0609425ba609530e7

Last affected

d662d3c2ed0d9784427bae8300941b732ff5d81b

Last affected

e04f338e4054b32db1de80f3e6cc75c2d65f2df5

Last affected

e6953e95b912b9fe5a4f3d87a52cad7cc7cc83f8

Last affected

e6f1a771a2ec9750625fbbd0a18495676e039b1c

Last affected

eec5d03b7dbf374bcf1a3ae41ca5a9d6a69f6acb

Affected versions

1.*

1.1.0beta17

v1.*

v1.1.0

v1.1.10

v1.1.10b1

v1.1.10b2

v1.1.11i1

v1.1.11i2

v1.1.11i3

v1.1.11i4

v1.1.12

v1.1.12b1

v1.1.12b2

v1.1.13i1

v1.1.13i2

v1.1.13i3

v1.1.2

v1.1.3

v1.1.3b1

v1.1.4

v1.1.5i0

v1.1.5i1

v1.1.5i2

v1.1.5i3

v1.1.6

v1.1.6b2

v1.1.6b3

v1.1.7i1

v1.1.7i2

v1.1.7i3

v1.1.7i4

v1.1.7i5

v1.1.8

v1.1.8b1

v1.1.8b2

v1.1.8b3

v1.1.9i1

v1.1.9i2

v1.1.9i3

v1.1.9i4

v1.1.9i5

v1.1.9i6

v1.1.9i7

v1.1.9i8

v1.1.9i9

v1.2.0b1

v1.2.0b2

v1.2.0b3

v1.2.0b4

v1.2.0b5

v1.2.0b6

v1.2.0p1

v1.2.0p2

v1.2.0p3

v1.2.1i1

v1.2.1i2

v1.2.1i3

v1.2.1i4

v1.2.1i5

v1.2.2b1

v1.2.3i1

v1.2.3i2

v1.2.3i3

v1.2.3i4

v1.2.3i5

v1.2.3i6

v1.2.3i7

v1.2.5i1

v1.2.5i2

v1.2.5i3

v1.2.5i4

v1.2.5i5

v1.2.5i6

v1.2.7i1

v1.2.7i2

v1.2.7i3

v1.4.0i1

v1.4.0i2

v1.4.0i3

v1.5.0i1

v1.5.0i2

v1.5.0i3

v1.6.0b1

v2.*

v2.0.0i1

v2.1.0

v2.1.0b1

v2.1.0b2

v2.1.0b3

v2.1.0b4

v2.1.0b5

v2.1.0b6

v2.1.0b7

v2.1.0b8

v2.1.0b9

v2.1.0p1

v2.1.0p2

v2.1.0p3

v2.1.0p4

v2.1.0p5

v2.2.0

v2.2.0-rc1

v2.2.0b1

v2.2.0b1-rc1

v2.2.0b1-rc2

v2.2.0b2

v2.2.0b2-rc1

v2.2.0b3

v2.2.0b3-rc1

v2.2.0b4

v2.2.0b4-rc1

v2.2.0b5

v2.2.0b5-rc1

v2.2.0b5-rc2

v2.2.0b6

v2.2.0b6-rc1

v2.2.0b7

v2.2.0b7-rc1

v2.2.0b8

v2.2.0b8-rc1

v2.2.0p1

v2.2.0p1-rc1

v2.2.0p2

v2.2.0p2-rc1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-2020.json"