Checkmate
Monthly
Checkmate versions prior to 3.4.0 allow unauthenticated attackers to retrieve unpublished status pages and internal monitoring data through the GET /api/v1/status-page/:url endpoint due to missing authentication checks. Public exploit code exists for this information disclosure vulnerability, enabling remote attackers to access sensitive server hardware, uptime, and incident details without credentials. No patch is currently available for affected deployments.
Checkmate versions prior to 3.4.0 allow unauthenticated attackers to retrieve unpublished status pages and internal monitoring data through the GET /api/v1/status-page/:url endpoint due to missing authentication checks. Public exploit code exists for this information disclosure vulnerability, enabling remote attackers to access sensitive server hardware, uptime, and incident details without credentials. No patch is currently available for affected deployments.