Checkmk werks security September 2021

checkmk-werks-sec@lists.checkmk.com

2 participants
4 discussions

Checkmk Werk 13193: XSS in report editing

by Maximilian Wirtz

ID: 13193 Title: XSS in report editing Component: Reporting & Availability Level: 1 Class: Security fix Version: 2.1.0i1 It was possible to Inject HTML code in various Content elments. This could also be used in shared reports. CVSS: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H 9.0 Affected Versions: all below Workarounds: Disallow users to customize reports (Set 'General Permissions' > 'Customize reports and use them' to no) Exploit detections: Check `var/check_mk/web/*/user_reports.mk` for html specialchars.

2 years, 7 months

Checkmk Werk 13215: real-time checks: improved encryption

by Moritz Kiemer

ID: 13215 Title: real-time checks: improved encryption Component: Checks & agents Level: 1 Class: Security fix Version: 2.1.0i1 The Linux agent now uses some advantages of current (>= 1.1.1) OpenSSL versions and employs a safer encryption algorithm for the real-time UDP packets on applicable systems.

2 years, 8 months

Checkmk Werk 13069: Fix file path manipulation

by Maximilian Wirtz

ID: 13069 Title: Fix file path manipulation Component: Setup Level: 1 Class: Security fix Version: 2.1.0i1

2 years, 8 months

Checkmk Werk 13191: Fix XSS in conditions

by Maximilian Wirtz

ID: 13191 Title: Fix XSS in conditions Component: Setup Level: 1 Class: Security fix Version: 2.1.0i1

2 years, 8 months

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

Checkmk werks security September 2021