{"id":"CVE-2026-30829","summary":"Checkmate: Unauthenticated Access to Unpublished Status Page","details":"Checkmate is an open-source, self-hosted tool designed to track and monitor server hardware, uptime, response times, and incidents in real-time with beautiful visualizations. Prior to version 3.4.0, an unauthenticated information disclosure vulnerability exists in the GET /api/v1/status-page/:url endpoint. The endpoint does not enforce authentication or verify whether a status page is published before returning full status page details. As a result, unpublished status pages and their associated internal data are accessible to any unauthenticated user via direct API requests. This issue has been patched in version 3.4.0.","aliases":["GHSA-57xf-wg6w-fjrr"],"modified":"2026-04-10T05:41:53.350066Z","published":"2026-03-07T05:46:00.460Z","database_specific":{"cna_assigner":"GitHub_M","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/30xxx/CVE-2026-30829.json","cwe_ids":["CWE-200"]},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/30xxx/CVE-2026-30829.json"},{"type":"ADVISORY","url":"https://github.com/bluewave-labs/Checkmate/security/advisories/GHSA-57xf-wg6w-fjrr"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30829"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/bluewave-labs/checkmate","events":[{"introduced":"0"},{"fixed":"e3ecfe6ad8814f0b169d2386d5ea6fd01a21a57b"}]}],"versions":["v1.0","v1.1.0","v2.0.1","v2.0.2","v2.1","v2.2","v2.3","v3.1","v3.1-beta","v3.1.1","v3.1.2","v3.1.3","v3.1.4","v3.1.5","v3.1.6","v3.1.8","v3.2.0","v3.3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-30829.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}]}