Improper permission enforcement in Checkmk allows unauthenticated users to discover the list of existing hosts by sending requests to the deploy_agent endpoint and observing differing HTTP response codes. The vulnerability can lead to disclosure of host information, potentially enabling further reconnaissance or targeted attacks. This weakness aligns with CWE-204, representing improper control over object existence information. The core impact is limited to information leakage and does not directly grant code execution or privilege escalation.

Affected products are Checkmk by Checkmk GmbH. Vulnerable releases include Checkmk 2.4.0 before 2.4.0p23, Checkmk 2.3.0 before 2.3.0p43, and the end‑of‑life release Checkmk 2.2.0. The CPE list confirms the affected families and specific version identifiers for these releases.

The CVSS score of 6.3 indicates medium severity, and the EPSS score is less than 1%, suggesting a low probability of widespread exploitation. The vulnerability is not listed in CISA’s KEV catalog. Attackers would need to send unauthenticated HTTP requests to the deploy_agent endpoint and analyze response codes. The data disclosed is information disclosure; no critical privileges are obtained. Overall, the threat is moderate with limited reach but still warrants timely remediation.