{"id":"CVE-2023-22348","details":"Improper Authorization in RestAPI in Checkmk GmbH's Checkmk versions \u003c2.1.0p28 and \u003c2.2.0b8 allows remote authenticated users to read arbitrary host_configs.","modified":"2025-11-15T06:10:17.930536Z","published":"2023-05-17T16:15:09.110Z","references":[{"type":"ADVISORY","url":"https://checkmk.com/werk/13982"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/checkmk/checkmk","events":[{"introduced":"0"},{"fixed":"6a686961c4b760c55a13cfdb61e7c02be832a0be"}]}],"versions":["1.1.0beta17","v1.1.0","v1.1.10","v1.1.10b1","v1.1.10b2","v1.1.11i1","v1.1.11i2","v1.1.11i3","v1.1.11i4","v1.1.12","v1.1.12b1","v1.1.12b2","v1.1.13i1","v1.1.13i2","v1.1.13i3","v1.1.2","v1.1.3","v1.1.3b1","v1.1.4","v1.1.5i0","v1.1.5i1","v1.1.5i2","v1.1.5i3","v1.1.6","v1.1.6b2","v1.1.6b3","v1.1.7i1","v1.1.7i2","v1.1.7i3","v1.1.7i4","v1.1.7i5","v1.1.8","v1.1.8b1","v1.1.8b2","v1.1.8b3","v1.1.9i1","v1.1.9i2","v1.1.9i3","v1.1.9i4","v1.1.9i5","v1.1.9i6","v1.1.9i7","v1.1.9i8","v1.1.9i9","v1.2.0b1","v1.2.0b2","v1.2.0b3","v1.2.0b4","v1.2.0b5","v1.2.0b6","v1.2.0p1","v1.2.0p2","v1.2.0p3","v1.2.1i1","v1.2.1i2","v1.2.1i3","v1.2.1i4","v1.2.1i5","v1.2.2b1","v1.2.3i1","v1.2.3i2","v1.2.3i3","v1.2.3i4","v1.2.3i5","v1.2.3i6","v1.2.3i7","v1.2.5i1","v1.2.5i2","v1.2.5i3","v1.2.5i4","v1.2.5i5","v1.2.5i6","v1.2.7i1","v1.2.7i2","v1.2.7i3","v1.4.0i1","v1.4.0i2","v1.4.0i3","v1.5.0i1","v1.5.0i2","v1.5.0i3","v1.6.0b1","v2.0.0i1","v2.1.0b1","v2.1.0b2","v2.1.0b3","v2.1.0b4","v2.1.0b5","v2.1.0b6","v2.1.0b7","v2.1.0b8","v2.1.0b9"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-22348.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}]}