Checkmk werks security March 2021

checkmk-werks-sec@lists.checkmk.com

1 participants
3 discussions

Checkmk Werk 12547: Fix possible XSS on audit log page

by Lars Michelsen

ID: 12547 Title: Fix possible XSS on audit log page Component: Setup Level: 1 Class: Security fix Version: 2.1.0i1 Displaying the detail text of changes could trigger execution of arbitrary javascript code that was previously stored by a modification made to the configuration. This issue may affect users of the setup of previous 2.0.0 versions.

3 years, 2 months

Checkmk Werk 12280: Fix XSS on host / folder properties page

by Lars Michelsen

ID: 12280 Title: Fix XSS on host / folder properties page Component: Setup Level: 1 Class: Security fix Version: 2.1.0i1 A user with permissions to edit tag groups could trigger a stored XSS issue on the host and folder properties pages. This may lead to javascript code being executed in the browser of another user which is able to access the host and folder properties pages.

3 years, 2 months

Checkmk Werk 12277: Docker container: Update base image to Debian buster

by Lars Michelsen

ID: 12277 Title: Docker container: Update base image to Debian buster Component: Core & setup Level: 2 Class: Security fix Version: 2.1.0i1 The Checkmk docker container image was previously based on the debian:stretch-slim image. The base image has now been updated to debian:buster-slim. If you build the container images on your own, based on the Dockerfile from our git, you will now have to use the Checkmk packages for Debian buster instead of the stretch packages.

3 years, 2 months

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

Checkmk werks security March 2021