Remote Attackers Can Bypass Authentication and Access Data in Checkmk Before 2.3.0p10, 2.2.0p31, 2.1.0p46, and 2.0.0p39
CVE-2024-6163

5.3MEDIUM

Key Information:

Vendor: Checkmk Gmbh
Status: Checkmk
Vendor: CVE Published:; 8 July 2024

Summary

Certain http endpoints of Checkmk in Checkmk < 2.3.0p10 < 2.2.0p31, < 2.1.0p46, <= 2.0.0p39 allows remote attacker to bypass authentication and access data

Affected Version(s)

Checkmk 2.3.0 < 2.3.0p10

Checkmk 2.2.0 < 2.2.0p31

Checkmk 2.1.0 < 2.1.0p46

References

https://checkmk.com/werk/17011

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 8, 2024
Vulnerability Reserved
Jun 19, 2024

Credit

PS Positive Security GmbH