{"id":"CVE-2023-2020","details":"Insufficient permission checks in the REST API in Tribe29 Checkmk \u003c= 2.1.0p27 and \u003c= 2.2.0b4 (beta) allow unauthorized users to schedule downtimes for any host.","modified":"2026-04-10T04:54:10.716011Z","published":"2023-04-18T12:15:07.537Z","references":[{"type":"ADVISORY","url":"https://checkmk.com/werk/13981"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/checkmk/checkmk","events":[{"introduced":"0"},{"last_affected":"6a686961c4b760c55a13cfdb61e7c02be832a0be"},{"introduced":"0"},{"last_affected":"516811eef93eaf64b271a824d36503197fc53679"},{"introduced":"0"},{"last_affected":"0e046c3b22294ef5ec66b8372ece87becf7d3430"},{"introduced":"0"},{"last_affected":"83c4e71db331cd43fb0769a52ceb2b5a0188a31b"},{"introduced":"0"},{"last_affected":"62baa2031dbc7dfc55f4700f98773bc5cf544f48"},{"introduced":"0"},{"last_affected":"04c27ac750cc5a20ed931e7d920cb007897b7d3c"},{"introduced":"0"},{"last_affected":"30b2599d7a503a4993b801cb233784d545e2ed9a"},{"introduced":"0"},{"last_affected":"e04f338e4054b32db1de80f3e6cc75c2d65f2df5"},{"introduced":"0"},{"last_affected":"95921f1e4125336395d0bc85434f91c0a0f8f571"},{"introduced":"0"},{"last_affected":"9b7289dd5ced8f05ec16651360c1b2db06a9b3a2"},{"introduced":"0"},{"last_affected":"516811eef93eaf64b271a824d36503197fc53679"},{"introduced":"0"},{"last_affected":"d662d3c2ed0d9784427bae8300941b732ff5d81b"},{"introduced":"0"},{"last_affected":"4be57271cbf081c9a1719dc3b1718b43d5e52f4b"},{"introduced":"0"},{"last_affected":"a486871d926fd65b3b7837372d7e52614ce63e3f"},{"introduced":"0"},{"last_affected":"3958c6537b40158aa2ed18975990d680085debf4"},{"introduced":"0"},{"last_affected":"508755cc7caec8829b6acb83dc8857c10f3c1d9f"},{"introduced":"0"},{"last_affected":"4f2a730421ff1fb5c192128e7dfd44b1146c044f"},{"introduced":"0"},{"last_affected":"eec5d03b7dbf374bcf1a3ae41ca5a9d6a69f6acb"},{"introduced":"0"},{"last_affected":"c62ef1ec227148e32aba897ca78936ae8dc6c07e"},{"introduced":"0"},{"last_affected":"d2b1a66866b6d320fdae51a0609425ba609530e7"},{"introduced":"0"},{"last_affected":"0e046c3b22294ef5ec66b8372ece87becf7d3430"},{"introduced":"0"},{"last_affected":"99e799274b02e6b29392845173bb5bfccccfcaba"},{"introduced":"0"},{"last_affected":"158833c70eca216170cdd4b16c2955106f5ce14e"},{"introduced":"0"},{"last_affected":"e6f1a771a2ec9750625fbbd0a18495676e039b1c"},{"introduced":"0"},{"last_affected":"e6953e95b912b9fe5a4f3d87a52cad7cc7cc83f8"},{"introduced":"0"},{"last_affected":"0c39f13b1a2025dd8ba4926b1da72a86d3a08661"},{"introduced":"0"},{"last_affected":"623dcff78335d93ebf989dc65e15c5b70ada82ce"},{"introduced":"0"},{"last_affected":"0a8b67d5baf80c5677a2070c0eff2523854e88bc"},{"introduced":"0"},{"last_affected":"5f1159fd360b7aa0947da5238b056b59d011bd31"},{"introduced":"0"},{"last_affected":"83c4e71db331cd43fb0769a52ceb2b5a0188a31b"},{"introduced":"0"},{"last_affected":"62baa2031dbc7dfc55f4700f98773bc5cf544f48"},{"introduced":"0"},{"last_affected":"04c27ac750cc5a20ed931e7d920cb007897b7d3c"},{"introduced":"0"},{"last_affected":"30b2599d7a503a4993b801cb233784d545e2ed9a"},{"introduced":"0"},{"last_affected":"e04f338e4054b32db1de80f3e6cc75c2d65f2df5"},{"introduced":"0"},{"last_affected":"95921f1e4125336395d0bc85434f91c0a0f8f571"},{"introduced":"0"},{"last_affected":"9b7289dd5ced8f05ec16651360c1b2db06a9b3a2"},{"introduced":"0"},{"last_affected":"6d181fbfbfbc98415313b4cb0ad96ded5ddd7abd"},{"introduced":"0"},{"last_affected":"267fa27ce44b36ca91fbd6446837c5713df736fc"},{"introduced":"0"},{"last_affected":"93590d801961d180c7958a478839a07b2cbb1d77"},{"introduced":"0"},{"last_affected":"4a9f01eaebaa33dd83008b72d3a7f54321d42b73"},{"introduced":"0"},{"last_affected":"6d181fbfbfbc98415313b4cb0ad96ded5ddd7abd"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.1.0-NA"},{"introduced":"0"},{"last_affected":"2.1.0-b1"},{"introduced":"0"},{"last_affected":"2.1.0-b2"},{"introduced":"0"},{"last_affected":"2.1.0-b3"},{"introduced":"0"},{"last_affected":"2.1.0-b4"},{"introduced":"0"},{"last_affected":"2.1.0-b5"},{"introduced":"0"},{"last_affected":"2.1.0-b6"},{"introduced":"0"},{"last_affected":"2.1.0-b7"},{"introduced":"0"},{"last_affected":"2.1.0-b8"},{"introduced":"0"},{"last_affected":"2.1.0-b9"},{"introduced":"0"},{"last_affected":"2.1.0-p1"},{"introduced":"0"},{"last_affected":"2.1.0-p10"},{"introduced":"0"},{"last_affected":"2.1.0-p11"},{"introduced":"0"},{"last_affected":"2.1.0-p12"},{"introduced":"0"},{"last_affected":"2.1.0-p13"},{"introduced":"0"},{"last_affected":"2.1.0-p14"},{"introduced":"0"},{"last_affected":"2.1.0-p15"},{"introduced":"0"},{"last_affected":"2.1.0-p16"},{"introduced":"0"},{"last_affected":"2.1.0-p17"},{"introduced":"0"},{"last_affected":"2.1.0-p18"},{"introduced":"0"},{"last_affected":"2.1.0-p2"},{"introduced":"0"},{"last_affected":"2.1.0-p20"},{"introduced":"0"},{"last_affected":"2.1.0-p21"},{"introduced":"0"},{"last_affected":"2.1.0-p22"},{"introduced":"0"},{"last_affected":"2.1.0-p23"},{"introduced":"0"},{"last_affected":"2.1.0-p24"},{"introduced":"0"},{"last_affected":"2.1.0-p25"},{"introduced":"0"},{"last_affected":"2.1.0-p26"},{"introduced":"0"},{"last_affected":"2.1.0-p27"},{"introduced":"0"},{"last_affected":"2.1.0-p3"},{"introduced":"0"},{"last_affected":"2.1.0-p4"},{"introduced":"0"},{"last_affected":"2.1.0-p5"},{"introduced":"0"},{"last_affected":"2.1.0-p6"},{"introduced":"0"},{"last_affected":"2.1.0-p7"},{"introduced":"0"},{"last_affected":"2.1.0-p8"},{"introduced":"0"},{"last_affected":"2.1.0-p9"},{"introduced":"0"},{"last_affected":"2.2.0-b1"},{"introduced":"0"},{"last_affected":"2.2.0-b2"},{"introduced":"0"},{"last_affected":"2.2.0-b3"},{"introduced":"0"},{"last_affected":"2.2.0-b4"},{"introduced":"0"},{"last_affected":"2.2.0-i1"}]}}],"versions":["1.1.0beta17","v1.1.0","v1.1.10","v1.1.10b1","v1.1.10b2","v1.1.11i1","v1.1.11i2","v1.1.11i3","v1.1.13i2","v1.1.13i3","v1.1.2","v1.1.3","v1.1.4","v1.1.6","v1.1.6b2","v1.1.7i2","v1.1.7i3","v1.1.7i4","v1.1.7i5","v1.1.8","v1.1.8b1","v1.1.8b2","v1.1.8b3","v1.1.9i1","v1.1.9i3","v1.1.9i4","v1.1.9i5","v1.1.9i7","v1.1.9i8","v1.1.9i9","v1.2.0b2","v1.2.0b3","v1.2.0b4","v1.2.0p1","v1.2.1i5","v1.2.3i4","v1.2.3i5","v1.2.3i6","v1.2.5i1","v1.2.5i6","v1.4.0i1","v1.4.0i2","v1.4.0i3","v1.5.0i1","v1.5.0i2","v1.5.0i3","v1.6.0b1","v2.0.0i1","v2.1.0","v2.1.0b1","v2.1.0b2","v2.1.0b3","v2.1.0b4","v2.1.0b5","v2.1.0b6","v2.1.0b7","v2.1.0b8","v2.1.0b9","v2.1.0p1","v2.1.0p10","v2.1.0p11","v2.1.0p11-rc1","v2.1.0p11-rc2","v2.1.0p12","v2.1.0p12-rc1","v2.1.0p12-rc2","v2.1.0p13","v2.1.0p13-rc1","v2.1.0p13-rc2","v2.1.0p13-rc3","v2.1.0p14","v2.1.0p14-rc1","v2.1.0p14-rc2","v2.1.0p14-rc3","v2.1.0p15","v2.1.0p15-rc1","v2.1.0p15-rc2","v2.1.0p15-rc3","v2.1.0p16","v2.1.0p16-rc1","v2.1.0p16-rc2","v2.1.0p17","v2.1.0p17-rc1","v2.1.0p17-rc2","v2.1.0p18","v2.1.0p18-rc1","v2.1.0p19","v2.1.0p19-rc1","v2.1.0p19-rc2","v2.1.0p2","v2.1.0p20","v2.1.0p20-rc1","v2.1.0p20-rc2","v2.1.0p21","v2.1.0p21-rc1","v2.1.0p21-rc2","v2.1.0p22","v2.1.0p22-rc1","v2.1.0p23","v2.1.0p23-rc1","v2.1.0p23-rc2","v2.1.0p24","v2.1.0p24-rc1","v2.1.0p25","v2.1.0p25-rc1","v2.1.0p25-rc2","v2.1.0p26","v2.1.0p26-rc1","v2.1.0p27","v2.1.0p27-rc1","v2.1.0p3","v2.1.0p4","v2.1.0p5","v2.1.0p6","v2.1.0p7","v2.1.0p8","v2.1.0p9","v2.2.0","v2.2.0-rc1","v2.2.0b1","v2.2.0b1-rc1","v2.2.0b1-rc2","v2.2.0b2","v2.2.0b2-rc1","v2.2.0b3","v2.2.0b3-rc1","v2.2.0b4","v2.2.0b4-rc1","v2.2.0b5","v2.2.0b5-rc1","v2.2.0b5-rc2","v2.2.0b6","v2.2.0b6-rc1","v2.2.0b7","v2.2.0b7-rc1","v2.2.0b8","v2.2.0b8-rc1","v2.2.0p1","v2.2.0p1-rc1","v2.2.0p2","v2.2.0p2-rc1","v2.2.0p3","v2.2.0p3-rc1","v2.2.0p4","v2.2.0p4-rc1","v2.2.0p4-rc2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-2020.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}]}