PT-2024-39127 · Checkmk · Checkmk
Published: 2024-09-23 · Updated: 2024-09-30 · CVE-2024-8606
CVSS v4.0: 9.2 (Critical)
Vector: AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions:
Checkmk versions prior to 2.3.0p16
Checkmk versions prior to 2.2.0p34
Description:
The issue allows authenticated users to bypass two-factor authentication in the RestAPI of Checkmk. This enables attackers to access the system without providing the required second form of verification, potentially leading to unauthorized access.
Recommendations:
For versions prior to 2.3.0p16, update to version 2.3.0p16 or later to resolve the issue.
For versions prior to 2.2.0p34, update to version 2.2.0p34 or later to resolve the issue.
As a temporary workaround, consider restricting access to the RestAPI until a patch is applied.
Fix
Incorrect Authorization
Affected Products:
Checkmk