Title: Fix 2FA bypass via RestAPI
Class: security
Compatible: compat
Component: wato
Date: 1725874171
Edition: cre
Level: 1
Version: 2.2.0p34
Previous to this Werk the RestAPI did not properly check if a user that is supposed to
authenticated with multiple factors indeed authenticated fully.
This issue was found during internal review.
<em>Affected Versions</em>:
LI: 2.3.0
LI: 2.2.0
<em>Vulnerability Management</em>:
We have rated the issue with a CVSS Score of 9.2 High
(<code>CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N</code>)
and assigned <code>CVE-2024-8606</code>.