Branch: refs/heads/master
Home: https://github.com/tribe29/checkmk
Commit: 70139dc6bf79be6670a9ef167b25c0ff8595972d
https://github.com/tribe29/checkmk/commit/70139dc6bf79be6670a9ef167b25c0ff8…
Author: Solomon Jacobs <solomon.jacobs(a)tribe29.com>
Date: 2022-04-14 (Thu, 14 Apr 2022)
Changed paths:
M cmk/base/plugins/agent_based/utils/kube.py
M tests/unit/cmk/base/plugins/agent_based/utils/test_kube.py
Log Message:
-----------
KUBE: add namespace for host labels
Key-value pairs of Kubernetes labels are valid checkmk labels (see
`LabelName` and `LabelValue`). However, a user can add labels to their
Kubernetes objects, which overwrite existing checkmk labels, if we simply
add `HostLabel(label.name, label.value)`. To circumvent this problem, we
prepend every label name with 'kube/'.
CMK-10229
Change-Id: Idb34b46503cbfd5888da64a99f84cdd3f337551d
Branch: refs/heads/1.6.0
Home: https://github.com/tribe29/checkmk
Commit: eedb84baf37b3d282d4c969aad491ead21b89b1d
https://github.com/tribe29/checkmk/commit/eedb84baf37b3d282d4c969aad491ead2…
Author: Maximilian Wirtz <maximilian.wirtz(a)tribe29.com>
Date: 2022-04-14 (Thu, 14 Apr 2022)
Changed paths:
A .werks/13897
M cmk_base/notify.py
Log Message:
-----------
Fix command injection vulnerability
Previously to this Werk an attacker who could control certain notification
variables such as <tt>NOTIFICATIONTYPE</tt> or <tt>HOSTNAME</tt> was able to
inject commands to the fall-back mail command. The commands were then executed
as site user.
With this werk the variable <tt>MAIL_COMMAND</tt> is no longer available
in notification scripts.
You can reduce the risk of exploitation with disabling the listening of the
notification spooler (the default is disabled) (CEE/CME only feature).
All maintained versions (>=1.6) are subject to this vulnerability. It is likely
that also previous versions were vulnerable.
To detect possible exploitation <tt>var/log/mknotifyd.log</tt> and
<tt>var/log/notify.log</tt> can be checked for special shell characters like
<tt>&&</tt> and odd quoting.
CMK-8780
Change-Id: I98236d1aa7854773862aee6fedcd669b09ba5fc0
Branch: refs/heads/2.1.0
Home: https://github.com/tribe29/checkmk
Commit: b9555d78d0acf90989e91a8348ffb16e4f26a850
https://github.com/tribe29/checkmk/commit/b9555d78d0acf90989e91a8348ffb16e4…
Author: Joerg Herbel <joerg.herbel(a)tribe29.com>
Date: 2022-04-14 (Thu, 14 Apr 2022)
Changed paths:
M agent-receiver/agent_receiver/checkmk_rest_api.py
M cmk/gui/plugins/openapi/endpoints/host_internal.py
M cmk/gui/plugins/openapi/restful_objects/response_schemas.py
M cmk/gui/plugins/openapi/restful_objects/type_defs.py
M tests/unit/cmk/gui/plugins/openapi/test_openapi_host_internal.py
Log Message:
-----------
REST API: add internal endpoint which shows some host attributes
This new endpoint will be used by the agent receiver during host
registration. To avoid collisions with the existing official endpoint,
the new endpoint uses the domain "host_config_internal".
Also move the existing endpoint link_uuid to host_config_internal for
consistency.
CMK-10258
Change-Id: If99aa74a1920e0bf5500ad3415d742981a2102e1