16218 SEC Fix 2FA bypass via RestAPI
CMK-18988 Change-Id: I11d746709c614fb21aee578229b274487f182731
1 parent cf0e9e0, commit 25aeb99
Showing 5 changed files with 85 additions and 6 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
Title: Fix 2FA bypass via RestAPI | ||
Class: security | ||
Compatible: compat | ||
Component: wato | ||
Date: 1725874171 | ||
Edition: cre | ||
Level: 1 | ||
Version: 2.2.0p34 | ||
|
||
Previous to this Werk the RestAPI did not properly check if a user that is supposed to authenticated with multiple factors indeed authenticated fully. | ||
|
||
This issue was found during internal review. | ||
|
||
<em>Affected Versions</em>: | ||
|
||
LI: 2.3.0 | ||
LI: 2.2.0 | ||
|
||
<em>Vulnerability Management</em>: | ||
|
||
We have rated the issue with a CVSS Score of 9.2 High (<code>CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N</code>) and assigned <code>CVE-2024-8606</code>. |
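Review bot: The severity label in the last line of the werk does not match the score: under CVSS v4.0 a base score of 9.2 falls in the Critical band (9.0 to 10.0), so "9.2 High" should read "9.2 Critical" or the vector should be rechecked. The description sentence also needs a grammar fix: "a user that is supposed to authenticated with multiple factors indeed authenticated fully" should be "a user who is supposed to authenticate with multiple factors had indeed authenticated fully". For a Class: security werk it would help to add one sentence on what an administrator should do, for example whether updating to the version in the Version field is the only remedy or whether an interim mitigation exists, and to say which RestAPI authentication path skipped the second-factor check so that operators can judge their exposure. The Affected Versions list names 2.3.0 and 2.2.0 only; if older branches were checked and found unaffected, or are simply out of support, say so explicitly.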