CVE-2025-58122

Опубликовано: 18 нояб. 2025

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

Insufficient permission validation in Checkmk 2.4.0 before version 2.4.0p16 allows low-privileged users to modify notification parameters via the REST API, which could lead to unauthorized actions or information disclosure.

Ссылки

https://checkmk.com/werk/18982
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:checkmk:checkmk:2.4.0:-:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.4.0:b1:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.4.0:b2:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.4.0:b3:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.4.0:b4:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.4.0:b5:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.4.0:b6:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.4.0:p1:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.4.0:p10:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.4.0:p11:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.4.0:p12:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.4.0:p13:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.4.0:p14:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.4.0:p15:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.4.0:p2:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.4.0:p3:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.4.0:p4:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.4.0:p5:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.4.0:p6:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.4.0:p7:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.4.0:p8:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.4.0:p9:*:*:*:*:*:*

EPSS

Процентиль: 10%

0.00034

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-280

Связанные уязвимости

CVE-2025-58122

CVSS3: 5.4

ubuntu

3 месяца назад

CVE-2025-58122

CVSS3: 5.4

debian

3 месяца назад

Insufficient permission validation in Checkmk 2.4.0 before version 2.4 ...

GHSA-2hf3-jphf-r8cc

CVSS3: 5.4

github

3 месяца назад

EPSS

Процентиль: 10%

0.00034

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-280