CVE-2024-6163
published 2024-07-08CVE-2024-6163: Certain http endpoints of Checkmk in Checkmk < 2.3.0p10 < 2.2.0p31, < 2.1.0p46, <= 2.0.0p39 allows remote attacker to bypass authentication and access data
PriorityP434medium5.3CVSS 3.1
AVNACLPRNUINSUCLINAN
EPSS
0.53%
40.5th percentile
Certain http endpoints of Checkmk in Checkmk < 2.3.0p10 < 2.2.0p31, < 2.1.0p46, <= 2.0.0p39 allows remote attacker to bypass authentication and access data
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| checkmk | checkmk | <= 2.0.0 | — |
| checkmk | checkmk | — | — |
| checkmk | checkmk | — | — |
| checkmk | checkmk | — | — |
| checkmk_gmbh | checkmk | 2.0.0 – 2.0.0p39 | — |
| checkmk_gmbh | checkmk | >= 2.1.0 < 2.1.0p46 | 2.1.0p46 |
| checkmk_gmbh | checkmk | >= 2.2.0 < 2.2.0p31 | 2.2.0p31 |
| checkmk_gmbh | checkmk | >= 2.3.0 < 2.3.0p10 | 2.3.0p10 |
CVSS provenance
nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
osv5.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-fjq7-jr7j-jh92: Certain http endpoints of Checkmk in Checkmk < 2
ghsa_unreviewed·2024-07-08
CVE-2024-6163 [MEDIUM] CWE-290 GHSA-fjq7-jr7j-jh92: Certain http endpoints of Checkmk in Checkmk < 2
Certain http endpoints of Checkmk in Checkmk < 2.3.0p10 < 2.2.0p31, < 2.1.0p46, <= 2.0.0p39 allows remote attacker to bypass authentication and access data
OSV
CVE-2024-6163: Certain http endpoints of Checkmk in Checkmk < 2
osv·2024-07-08·CVSS 5.3
CVE-2024-6163 [MEDIUM] CVE-2024-6163: Certain http endpoints of Checkmk in Checkmk < 2
Certain http endpoints of Checkmk in Checkmk < 2.3.0p10 < 2.2.0p31, < 2.1.0p46, <= 2.0.0p39 allows remote attacker to bypass authentication and access data
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-07-08
Published