Home

Description

Certain http endpoints of Checkmk in Checkmk < 2.3.0p10 < 2.2.0p31, < 2.1.0p46, <= 2.0.0p39 allows remote attacker to bypass authentication and access data

PUBLISHED Reserved 2024-06-19 | Published 2024-07-08 | Updated 2025-08-27 | Assigner Checkmk




MEDIUM: 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Problem types

CWE-290: Authentication Bypass by Spoofing

Product status

Default status
unaffected

2.3.0 (semver) before 2.3.0p10
affected

2.2.0 (semver) before 2.2.0p31
affected

2.1.0 (semver) before 2.1.0p46
affected

2.0.0 (semver)
affected

Credits

PS Positive Security GmbH reporter

References

checkmk.com/werk/17011

checkmk.com/werk/17011

cve.org (CVE-2024-6163)

nvd.nist.gov (CVE-2024-6163)

Download JSON