What the vulnerability does
01Description
Bypass of two factor authentication in RestAPI in Checkmk < 2.3.0p16 and < 2.2.0p34 allows authenticated users to bypass two factor authentication
CVSS base score
9.2/10
CVSS vector
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Key dates
02Disclosure timeline
September 23, 2024
CVE published
September 23, 2024
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2025-64753 grist-core has insufficient access control in endpoints for comparisons between documents and versions
CVE-2025-69414
CVE-2025-4975 Tapo privilege escalation on shared devices using notifications
CVE-2026-26205 opa-envoy-plugin has an Authorization Bypass via Double-Slash Path Misinterpretation in `input.parsed_path`
CVE-2026-28720
