Branch: refs/heads/2.1.0
Home: https://github.com/tribe29/checkmk
Commit: 84e32a64680ab95a5a518d1a19c8f66ca267a45b
https://github.com/tribe29/checkmk/commit/84e32a64680ab95a5a518d1a19c8f66ca…
Author: Lisa Pichler <lisa.pichler(a)tribe29.com>
Date: 2022-09-06 (Tue, 06 Sep 2022)
Changed paths:
A .werks/14763
M cmk/base/plugins/agent_based/domino_tasks.py
A tests/unit/cmk/base/plugins/agent_based/test_domino_tasks.py
Log Message:
-----------
14763 FIX domino_tasks: state becomes UNKNOWN instead of STALE when data is missing
SUP-11271
Change-Id: Ib6adf1dcd3acaaa692e1d1f970dad567f47bf41b
Branch: refs/heads/master
Home: https://github.com/tribe29/checkmk
Commit: d368721588765921ab314c9cce846d1de8b6f6b5
https://github.com/tribe29/checkmk/commit/d368721588765921ab314c9cce846d1de…
Author: Lisa Pichler <lisa.pichler(a)tribe29.com>
Date: 2022-09-06 (Tue, 06 Sep 2022)
Changed paths:
A .werks/14763
M cmk/base/plugins/agent_based/domino_tasks.py
A tests/unit/cmk/base/plugins/agent_based/test_domino_tasks.py
Log Message:
-----------
14763 FIX domino_tasks: state becomes UNKNOWN instead of STALE when data is missing
SUP-11271
Change-Id: Ib6adf1dcd3acaaa692e1d1f970dad567f47bf41b
Branch: refs/heads/2.0.0
Home: https://github.com/tribe29/checkmk
Commit: 5e477d10197e2c0c79f2085a090b5e9524648785
https://github.com/tribe29/checkmk/commit/5e477d10197e2c0c79f2085a090b5e952…
Author: Lisa Pichler <lisa.pichler(a)tribe29.com>
Date: 2022-09-06 (Tue, 06 Sep 2022)
Changed paths:
A .werks/14763
M cmk/base/plugins/agent_based/domino_tasks.py
A tests/unit/cmk/base/plugins/agent_based/test_domino_tasks.py
Log Message:
-----------
14763 FIX domino_tasks: state becomes UNKNOWN instead of STALE when data is missing
SUP-11271
Change-Id: Ib6adf1dcd3acaaa692e1d1f970dad567f47bf41b
Branch: refs/heads/2.1.0
Home: https://github.com/tribe29/checkmk
Commit: 42a0b9b712798d263120e3ed39839d2124498628
https://github.com/tribe29/checkmk/commit/42a0b9b712798d263120e3ed39839d212…
Author: Maximilian Wirtz <maximilian.wirtz(a)tribe29.com>
Date: 2022-09-06 (Tue, 06 Sep 2022)
Changed paths:
A .werks/14485
M tests/unit/cmk/utils/test_werks.py
Log Message:
-----------
14485 SEC Fix session cookie validation on RestAPI
Before this Werk expired sessions were still valid on the RestAPI, since the
RestAPI only vaildated the Cookie signature.
An attacker who was able to steal a session cookie could use that cookie on the
RestAPI even after the session expired. Some actions though require access to
the user session, these action fail due to the expired session. Some actions do
not access the session and are therefore possible.
<b>Affected Versions</b>:
All versions with the RestAPI are affected: 2.0, and 2.1.
<b>Mitigations</b>:
Immediate mitigations are not available.
<b>Indicators of Compromise</b>:
Review Apache and web.log for suspicious logs.
<b>Vulnerability Management</b>:
We have rated the issue with a CVSS Score of 5.6 (Medium) with the following
CVSS vector:
<tt>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L</tt>.
A CVE has been requested.
This was originally fixed with 672d121c578975d93bdef56b1de9ca2c88d8786e.
Change-Id: If2114e3ce59c66163b388b7bf634181ea972a174