{"id":"CVE-2024-8606","details":"Bypass of two factor authentication in RestAPI in Checkmk \u003c 2.3.0p16 and \u003c 2.2.0p34 allows authenticated users to bypass two factor authentication","modified":"2026-04-10T05:19:54.604149Z","published":"2024-09-23T07:15:02.233Z","references":[{"type":"ADVISORY","url":"https://checkmk.com/werk/16218"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/checkmk/checkmk","events":[{"introduced":"0"},{"last_affected":"779a2941a075e1461b45407f715176524414b994"},{"introduced":"0"},{"last_affected":"774354b2551f8e27948fc4cebfc950ee81d28e0d"},{"introduced":"0"},{"last_affected":"3b78272d604bfda3f7954ae5cec8ff3e3fddc5cf"},{"introduced":"0"},{"last_affected":"72fdb481b2f673c5a80d56cfec3dffa598195a0e"},{"introduced":"0"},{"last_affected":"a6aaa241192f2257300a50839bf7423b335b7771"},{"introduced":"0"},{"last_affected":"418c120db01cb5030ac6d51e2b54b5277e44738b"},{"introduced":"0"},{"last_affected":"a5fbb41e2f4568843e01625799cedbfd753373c6"},{"introduced":"0"},{"last_affected":"257af35825115a122e4100973d840c041ea3edf5"},{"introduced":"0"},{"last_affected":"5ba483a2e011b281853e3d4789c7f77d5bd2915c"},{"introduced":"0"},{"last_affected":"fd541d4d7d95668dd33d61bc16fa8df17f4affcf"},{"introduced":"0"},{"last_affected":"2a6bc3d8dc8852375275f81654dd00a1f94f5ffd"},{"introduced":"0"},{"last_affected":"1fc0aea14b848c3d4eaf779a42ac59e3af0e8df6"},{"introduced":"0"},{"last_affected":"d3c7ace5f5f48c54974558e49f4a088735be56a8"},{"introduced":"0"},{"last_affected":"4dabbfb583bb1e70b3257a8a3fc7bcdacaf8b4e9"},{"introduced":"0"},{"last_affected":"f93c345b2ef1435d51333d3593a6b1701d5c249c"},{"introduced":"0"},{"last_affected":"241e7e776b96d316693575e91023518e20e171be"},{"introduced":"0"},{"last_affected":"d6049cd2d82eba3842b30c305912b9e946842463"},{"introduced":"0"},{"last_affected":"6d181fbfbfbc98415313b4cb0ad96ded5ddd7abd"},{"introduced":"0"},{"last_affected":"324bd38f5b76f73f236e495af0c9228b65d15528"},{"introduced":"0"},{"last_affected":"0d2681c53226611c965c0d94ff233e497b5a4317"},{"introduced":"0"},{"last_affected":"5cf0476d6b0cba20b3aafb01b187c63a9fda92bd"},{"introduced":"0"},{"last_affected":"5554a04b2c158ae9b0e01ef1b591fe3702ea5ac0"},{"introduced":"0"},{"last_affected":"eda43696c54223b7b5fdcf3f4c3a44ab841061fe"},{"introduced":"0"},{"last_affected":"e5861f0cab1099a17d23657c9ed1054590f5c769"},{"introduced":"0"},{"last_affected":"4cbff4e1a0ac90dc4d91939fc63184a0fcc0c3da"},{"introduced":"0"},{"last_affected":"89df3c399664ac47711f628042b180222de1580d"},{"introduced":"0"},{"last_affected":"4a194cdc9f337ef68e31af63eedf88054f7fddc1"},{"introduced":"0"},{"last_affected":"35f34b0cf3e832750898c365d1a492f7b76a4c6e"},{"introduced":"0"},{"last_affected":"267fa27ce44b36ca91fbd6446837c5713df736fc"},{"introduced":"0"},{"last_affected":"be4ee84ebb62f6f7a9af75bf026585e6561fafc2"},{"introduced":"0"},{"last_affected":"996ca03a86e23025fe7544b47005043ae6be9084"},{"introduced":"0"},{"last_affected":"f9da425b482f2e430343b235449ff33114bf4ddc"},{"introduced":"0"},{"last_affected":"22de8967ee57635f022996260036f7059c359d77"},{"introduced":"0"},{"last_affected":"2bc11315273eb7bdbd3ca42f4d726527b204519e"},{"introduced":"0"},{"last_affected":"65236b565e0f57dd058f395704b20154aff30847"},{"introduced":"0"},{"last_affected":"b6b3d5d682a04ac1de9f5a7e6aab4bec9529562c"},{"introduced":"0"},{"last_affected":"a889f51a7d8216e1ac9b9db00637ae8179a0dd53"},{"introduced":"0"},{"last_affected":"c91ffa81b3cb743d0f8aafb8b18a63e77d971096"},{"introduced":"0"},{"last_affected":"991ffeda722dc12d049c3dd7a667cb5ef08a8fc7"},{"introduced":"0"},{"last_affected":"93590d801961d180c7958a478839a07b2cbb1d77"},{"introduced":"0"},{"last_affected":"603bd98e26ab35ce5126fee36c84778170869878"},{"introduced":"0"},{"last_affected":"8476719e4cb80a4eb715c99f1347d9ee89ea6e5a"},{"introduced":"0"},{"last_affected":"a656430461523e83e2a5e4a0441179c665de48f5"},{"introduced":"0"},{"last_affected":"4a9f01eaebaa33dd83008b72d3a7f54321d42b73"},{"introduced":"0"},{"last_affected":"c5a9ed82c6f3115b7aaa46c6aa1b63953d8d5ce5"},{"introduced":"0"},{"last_affected":"d85a2e5143ecba3b73784a9825264d0a576382b1"},{"introduced":"0"},{"last_affected":"d4289fb7f58f6387d62713179131946f44a9aa69"},{"introduced":"0"},{"last_affected":"d2607dde3dd4fcaf3357df418f83060293bed122"},{"introduced":"0"},{"last_affected":"07125838894d877a8f3c6110dc28ec40ba9fff8f"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.3.0-NA"},{"introduced":"0"},{"last_affected":"2.3.0-p1"},{"introduced":"0"},{"last_affected":"2.3.0-p10"},{"introduced":"0"},{"last_affected":"2.3.0-p11"},{"introduced":"0"},{"last_affected":"2.3.0-p12"},{"introduced":"0"},{"last_affected":"2.3.0-p13"},{"introduced":"0"},{"last_affected":"2.3.0-p14"},{"introduced":"0"},{"last_affected":"2.3.0-p15"},{"introduced":"0"},{"last_affected":"2.3.0-p2"},{"introduced":"0"},{"last_affected":"2.3.0-p3"},{"introduced":"0"},{"last_affected":"2.3.0-p4"},{"introduced":"0"},{"last_affected":"2.3.0-p5"},{"introduced":"0"},{"last_affected":"2.3.0-p6"},{"introduced":"0"},{"last_affected":"2.3.0-p7"},{"introduced":"0"},{"last_affected":"2.3.0-p8"},{"introduced":"0"},{"last_affected":"2.3.0-p9"},{"introduced":"0"},{"last_affected":"2.2.0-NA"},{"introduced":"0"},{"last_affected":"2.2.0-p1"},{"introduced":"0"},{"last_affected":"2.2.0-p10"},{"introduced":"0"},{"last_affected":"2.2.0-p11"},{"introduced":"0"},{"last_affected":"2.2.0-p12"},{"introduced":"0"},{"last_affected":"2.2.0-p13"},{"introduced":"0"},{"last_affected":"2.2.0-p14"},{"introduced":"0"},{"last_affected":"2.2.0-p15"},{"introduced":"0"},{"last_affected":"2.2.0-p16"},{"introduced":"0"},{"last_affected":"2.2.0-p17"},{"introduced":"0"},{"last_affected":"2.2.0-p18"},{"introduced":"0"},{"last_affected":"2.2.0-p19"},{"introduced":"0"},{"last_affected":"2.2.0-p2"},{"introduced":"0"},{"last_affected":"2.2.0-p20"},{"introduced":"0"},{"last_affected":"2.2.0-p21"},{"introduced":"0"},{"last_affected":"2.2.0-p22"},{"introduced":"0"},{"last_affected":"2.2.0-p23"},{"introduced":"0"},{"last_affected":"2.2.0-p24"},{"introduced":"0"},{"last_affected":"2.2.0-p25"},{"introduced":"0"},{"last_affected":"2.2.0-p26"},{"introduced":"0"},{"last_affected":"2.2.0-p27"},{"introduced":"0"},{"last_affected":"2.2.0-p28"},{"introduced":"0"},{"last_affected":"2.2.0-p29"},{"introduced":"0"},{"last_affected":"2.2.0-p3"},{"introduced":"0"},{"last_affected":"2.2.0-p30"},{"introduced":"0"},{"last_affected":"2.2.0-p31"},{"introduced":"0"},{"last_affected":"2.2.0-p33"},{"introduced":"0"},{"last_affected":"2.2.0-p4"},{"introduced":"0"},{"last_affected":"2.2.0-p5"},{"introduced":"0"},{"last_affected":"2.2.0-p6"},{"introduced":"0"},{"last_affected":"2.2.0-p7"},{"introduced":"0"},{"last_affected":"2.2.0-p8"},{"introduced":"0"},{"last_affected":"2.2.0-p9"}]}}],"versions":["1.1.0beta17","v1.1.0","v1.1.10","v1.1.10b1","v1.1.10b2","v1.1.11i1","v1.1.11i2","v1.1.11i3","v1.1.13i2","v1.1.13i3","v1.1.2","v1.1.3","v1.1.4","v1.1.6","v1.1.6b2","v1.1.7i2","v1.1.7i3","v1.1.7i4","v1.1.7i5","v1.1.8","v1.1.8b1","v1.1.8b2","v1.1.8b3","v1.1.9i1","v1.1.9i3","v1.1.9i4","v1.1.9i5","v1.1.9i7","v1.1.9i8","v1.1.9i9","v1.2.0b2","v1.2.0b3","v1.2.0b4","v1.2.0p1","v1.2.1i5","v1.2.3i4","v1.2.3i5","v1.2.3i6","v1.2.5i1","v1.2.5i6","v1.4.0i1","v1.4.0i2","v1.4.0i3","v1.5.0i1","v1.5.0i2","v1.5.0i3","v1.6.0b1","v2.0.0i1","v2.2.0","v2.2.0-rc1","v2.2.0b1","v2.2.0b1-rc1","v2.2.0b1-rc2","v2.2.0b2","v2.2.0b2-rc1","v2.2.0b3","v2.2.0b3-rc1","v2.2.0b4","v2.2.0b4-rc1","v2.2.0b5","v2.2.0b5-rc1","v2.2.0b5-rc2","v2.2.0b6","v2.2.0b6-rc1","v2.2.0b7","v2.2.0b7-rc1","v2.2.0b8","v2.2.0b8-rc1","v2.2.0p1","v2.2.0p1-rc1","v2.2.0p10","v2.2.0p10-rc1","v2.2.0p11","v2.2.0p11-rc1","v2.2.0p12","v2.2.0p12-rc1","v2.2.0p13","v2.2.0p13-rc1","v2.2.0p13-rc2","v2.2.0p14","v2.2.0p14-rc1","v2.2.0p14-rc2","v2.2.0p15","v2.2.0p15-rc1","v2.2.0p15-rc2","v2.2.0p16","v2.2.0p16-rc1","v2.2.0p16-rc2","v2.2.0p16-rc3","v2.2.0p17","v2.2.0p17-rc1","v2.2.0p17-rc2","v2.2.0p17-rc3","v2.2.0p18","v2.2.0p18-rc1","v2.2.0p18-rc2","v2.2.0p19","v2.2.0p19-rc1","v2.2.0p19-rc2","v2.2.0p19-rc3","v2.2.0p2","v2.2.0p2-rc1","v2.2.0p20","v2.2.0p20-rc1","v2.2.0p20-rc2","v2.2.0p20-rc3","v2.2.0p20-rc4","v2.2.0p21","v2.2.0p21-rc1","v2.2.0p21-rc2","v2.2.0p22","v2.2.0p22-rc1","v2.2.0p23","v2.2.0p23-rc1","v2.2.0p24","v2.2.0p24-rc1","v2.2.0p25","v2.2.0p25-rc1","v2.2.0p25-rc2","v2.2.0p26","v2.2.0p26-rc1","v2.2.0p26-rc2","v2.2.0p27","v2.2.0p27-rc1","v2.2.0p28","v2.2.0p28-rc1","v2.2.0p29","v2.2.0p29-rc1","v2.2.0p3","v2.2.0p3-rc1","v2.2.0p30","v2.2.0p30-rc1","v2.2.0p31","v2.2.0p31-rc1","v2.2.0p32","v2.2.0p32-rc1","v2.2.0p33","v2.2.0p33-rc1","v2.2.0p4","v2.2.0p4-rc1","v2.2.0p4-rc2","v2.2.0p5","v2.2.0p5-rc1","v2.2.0p6","v2.2.0p6-rc1","v2.2.0p6-rc2","v2.2.0p6-rc3","v2.2.0p7","v2.2.0p7-rc1","v2.2.0p8","v2.2.0p8-rc1","v2.2.0p8-rc2","v2.2.0p9","v2.2.0p9-rc1","v2.3.0","v2.3.0-rc1","v2.3.0-rc2","v2.3.0-rc3","v2.3.0b1","v2.3.0b1-rc1","v2.3.0b1-rc2","v2.3.0b2","v2.3.0b2-rc1","v2.3.0b3","v2.3.0b3-rc1","v2.3.0b4-rc1","v2.3.0b4-rc2","v2.3.0b5","v2.3.0b5-rc1","v2.3.0b6-rc1","v2.3.0p1","v2.3.0p1-rc1","v2.3.0p10","v2.3.0p10-rc1","v2.3.0p11","v2.3.0p11-rc1","v2.3.0p11-rc2","v2.3.0p11-rc3","v2.3.0p12","v2.3.0p12-rc1","v2.3.0p12-rc2","v2.3.0p12-rc3","v2.3.0p13","v2.3.0p13-rc1","v2.3.0p14","v2.3.0p14-rc1","v2.3.0p15","v2.3.0p15-rc1","v2.3.0p15-rc2","v2.3.0p2","v2.3.0p2-rc1","v2.3.0p3","v2.3.0p3-rc1","v2.3.0p3-rc2","v2.3.0p4","v2.3.0p4-rc1","v2.3.0p5","v2.3.0p5-rc1","v2.3.0p6","v2.3.0p6-rc1","v2.3.0p7","v2.3.0p7-rc1","v2.3.0p7-rc2","v2.3.0p7-rc3","v2.3.0p7-rc4","v2.3.0p7-rc5","v2.3.0p8","v2.3.0p8-rc1","v2.3.0p9","v2.3.0p9-rc1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-8606.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}