CVE-2023-31211

HIGH

Checkmk <2.2.0p18-2.0.0p39 - Auth Bypass

Title source: llm
STIX 2.1

Description

Insufficient authentication flow in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows attacker to use locked credentials

References (1)

Core 1
Core References
Patch, Vendor Advisory
https://checkmk.com/werk/16227

Scores

CVSS v3 8.8
EPSS 0.0051
EPSS Percentile 39.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-303 CWE-670
Status published
Products (2)
checkmk/checkmk 2.0.0 b1 (47 CPE variants)
checkmk/checkmk 2.1.0 (3 CPE variants)
Published Jan 12, 2024
Tracked Since Feb 18, 2026