Checkmk werks security May 2023

checkmk-werks-sec@lists.checkmk.com

3 participants
3 discussions

Checkmk Werk 15687: Update openssl to 1.1.1t

by External contributor

ID: 15687 Title: Update openssl to 1.1.1t Component: Core & setup Level: 1 Class: Security fix Version: 2.3.0b1 With this Werk openssl is updated from 1.1.1q to 1.1.1t. This fixes several CVEs: LI: CVE-2023-0215 LI: CVE-2023-0286 LI: CVE-2023-0464 LI: CVE-2023-0465 LI: CVE-2023-0466 LI: CVE-2022-4304 LI: CVE-2022-4450 To our knowledge none of these vulnerabilities is exploitable in Checkmk. We rate this with a CVSS of 0 (None) (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N). This CVSS is primarily meant to please automatic scanners.

12 months

Move of mailinglists to lists.checkmk.com

by Alex Wilms

Dear Checkmk users, this mailinglist will now be migrated to a new server on lists.checkmk.com. Let's say farewell to the last mathias-kettner.de server. -- Alexander Wilms Head of IT Checkmk - The IT monitoring platform | checkmk.com <https://www.checkmk.com> alex.wilms(a)checkmk.com | Phone: +49 89 9982097 0 Subscribe to our newsletter <https://go.checkmk.com/newsletter>! | Melden Sie sich bei unserem Newsletter <https://go.checkmk.com/de/newsletter> an! Checkmk GmbH Kellerstraße 27, 81667 München, Germany Amtsgericht München, HRB 165902 Geschäftsführer: Jan Justus, Mathias Kettner

1 year

Checkmk Werk 13982: Reading host_config's will now honour contact groups

by Teresa Siegmantel

ID: 13982 Title: Reading host_config's will now honour contact groups Component: REST API Level: 1 Class: Security fix Version: 2.3.0b1 Prior to this Werk it was possible for a user to read a hosts configuration (using GET on '/objects/host_config/<host_name>') even if that user was not in the contact group of that host. The REST-API will correctly check a users permissions before serving a response in that case and report a 403 error if the user cannot access the host's config. <b>Affected Versions</b>: LI: 2.2.0 (beta) LI: 2.1.0 <b>Vulnerability Management</b>: We calculated a CVSS 3.1 score of 4.3 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N We assigned CVE-2023-22348 to this vulnerability. We found this vulnerability internally and have no indication of any exploitation.

1 year

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

Checkmk werks security May 2023