CVE-2024-28833

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-28833
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-28833.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-28833
Downstream
Published
2024-06-10T12:15:09.927Z
Modified
2026-04-10T05:11:35.490097Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

Improper restriction of excessive authentication attempts with two factor authentication methods in Checkmk 2.3 before 2.3.0p6 facilitates brute-forcing of second factor mechanisms.

References

Affected packages

Git / github.com/checkmk/checkmk

Affected ranges

Type
GIT
Repo
https://github.com/checkmk/checkmk
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
774354b2551f8e27948fc4cebfc950ee81d28e0d
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
5ba483a2e011b281853e3d4789c7f77d5bd2915c
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
fd541d4d7d95668dd33d61bc16fa8df17f4affcf
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
2a6bc3d8dc8852375275f81654dd00a1f94f5ffd
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
1fc0aea14b848c3d4eaf779a42ac59e3af0e8df6
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.3.0-p1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.3.0-p2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.3.0-p3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.3.0-p4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.3.0-p5"
        }
    ]
}

Affected versions

1.*
1.1.0beta17
v1.*
v1.1.0
v1.1.10
v1.1.10b1
v1.1.10b2
v1.1.11i1
v1.1.11i2
v1.1.11i3
v1.1.13i2
v1.1.13i3
v1.1.2
v1.1.3
v1.1.4
v1.1.6
v1.1.6b2
v1.1.7i2
v1.1.7i3
v1.1.7i4
v1.1.7i5
v1.1.8
v1.1.8b1
v1.1.8b2
v1.1.8b3
v1.1.9i1
v1.1.9i3
v1.1.9i4
v1.1.9i5
v1.1.9i7
v1.1.9i8
v1.1.9i9
v1.2.0b2
v1.2.0b3
v1.2.0b4
v1.2.0p1
v1.2.1i5
v1.2.3i4
v1.2.3i5
v1.2.3i6
v1.2.5i1
v1.2.5i6
v1.4.0i1
v1.4.0i2
v1.4.0i3
v1.5.0i1
v1.5.0i2
v1.5.0i3
v1.6.0b1
v2.*
v2.0.0i1
v2.3.0-rc1
v2.3.0b1
v2.3.0b1-rc1
v2.3.0b1-rc2
v2.3.0b2
v2.3.0b2-rc1
v2.3.0b3
v2.3.0b3-rc1
v2.3.0b4-rc1
v2.3.0b4-rc2
v2.3.0b5
v2.3.0b5-rc1
v2.3.0b6-rc1
v2.3.0p1
v2.3.0p1-rc1
v2.3.0p2
v2.3.0p2-rc1
v2.3.0p3
v2.3.0p3-rc1
v2.3.0p3-rc2
v2.3.0p4
v2.3.0p4-rc1
v2.3.0p5
v2.3.0p5-rc1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-28833.json"