CVE-2024-28825
published 2024-04-24CVE-2024-28825: Improper restriction of excessive authentication attempts on some authentication methods in Checkmk before 2.3.0b5 (beta), 2.2.0p26, 2.1.0p43, and in Checkmk…
PriorityP259critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.52%
40.2th percentile
Improper restriction of excessive authentication attempts on some authentication methods in Checkmk before 2.3.0b5 (beta), 2.2.0p26, 2.1.0p43, and in Checkmk 2.0.0 (EOL) facilitates password brute-forcing.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| checkmk | checkmk | <= 2.0.0 | — |
| checkmk | checkmk | — | — |
| checkmk | checkmk | — | — |
| checkmk | checkmk | — | — |
| checkmk_gmbh | checkmk | 2.0.0 – 2.0.0p39 | — |
| checkmk_gmbh | checkmk | >= 2.1.0 < 2.1.0p43 | 2.1.0p43 |
| checkmk_gmbh | checkmk | >= 2.2.0 < 2.2.0p26 | 2.2.0p26 |
| checkmk_gmbh | checkmk | >= 2.3.0 < 2.3.0b5 | 2.3.0b5 |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv9.8CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-x656-fq6f-v9rf: Improper restriction of excessive authentication attempts on some authentication methods in Checkmk before 2
ghsa_unreviewed·2024-04-24
CVE-2024-28825 [MEDIUM] CWE-307 GHSA-x656-fq6f-v9rf: Improper restriction of excessive authentication attempts on some authentication methods in Checkmk before 2
Improper restriction of excessive authentication attempts on some authentication methods in Checkmk before 2.3.0b5 (beta), 2.2.0p26, 2.1.0p43, and in Checkmk 2.0.0 (EOL) facilitates password brute-forcing.
OSV
CVE-2024-28825: Improper restriction of excessive authentication attempts on some authentication methods in Checkmk before 2
osv·2024-04-24·CVSS 9.8
CVE-2024-28825 [CRITICAL] CVE-2024-28825: Improper restriction of excessive authentication attempts on some authentication methods in Checkmk before 2
Improper restriction of excessive authentication attempts on some authentication methods in Checkmk before 2.3.0b5 (beta), 2.2.0p26, 2.1.0p43, and in Checkmk 2.0.0 (EOL) facilitates password brute-forcing.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-04-24
Published