Checkmk git commits September 2022

checkmk-commits@lists.checkmk.com

1 participants
607 discussions

[tribe29/checkmk] 2e8cf3: 14384 SEC Fix command injection in livestatus quer...

by Hannes Rantzsch

Branch: refs/heads/master Home: https://github.com/tribe29/checkmk Commit: 2e8cf315be262df7a749c55f205ff21f895a84db https://github.com/tribe29/checkmk/commit/2e8cf315be262df7a749c55f205ff21f8… Author: Hannes Rantzsch <hannes.rantzsch(a)tribe29.com> Date: 2022-09-01 (Thu, 01 Sep 2022) Changed paths: A .werks/14384 M livestatus/api/python/livestatus.py M tests/unit/livestatus/test_livestatus_unit.py Log Message: ----------- 14384 SEC Fix command injection in livestatus query headers Prior to this Werk it was possible to inject livestatus commands in Checkmk's livestatus wrapper and python API. Attackers could add additional commands in the AuthUser query header using newline characters. This allowed running arbitrary livestatus commands, including external commands to the core. The issue could only be exploited by attackers from localhost, where the tampered header could be injected in a request to graph data. We thank Stefan Schiller (SonarSource) for reporting this issue. Affected Versions: All currently supported versions are affected: 1.6, 2.0, and 2.1. Mitigations: Immediate mitigations are not available. Indicators of Compromise: Review the logs of Nagios / CMC for suspicious commands. Vulnerability Management: We have rated the issue with a CVSS Score of 6.8 (Medium) with the following CVSS vector: <tt>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L</tt>. A CVE has been requested. Changes: This Werk adds sanitization for the AuthUser header field. CMK-11203 Change-Id: Ie34b324ab57e84df03fd0ecbf54d22804d101723

1 year, 10 months

[tribe29/checkmk] 913fad: 14384 SEC Fix command injection in livestatus quer...

by Hannes Rantzsch

Branch: refs/heads/2.0.0 Home: https://github.com/tribe29/checkmk Commit: 913fadf303119077982ea53183a345add5dec3d1 https://github.com/tribe29/checkmk/commit/913fadf303119077982ea53183a345add… Author: Hannes Rantzsch <hannes.rantzsch(a)tribe29.com> Date: 2022-09-01 (Thu, 01 Sep 2022) Changed paths: A .werks/14384 M livestatus/api/python/livestatus.py M tests/unit/livestatus/test_livestatus_unit.py Log Message: ----------- 14384 SEC Fix command injection in livestatus query headers Prior to this Werk it was possible to inject livestatus commands in Checkmk's livestatus wrapper and python API. Attackers could add additional commands in the AuthUser query header using newline characters. This allowed running arbitrary livestatus commands, including external commands to the core. The issue could only be exploited by attackers from localhost, where the tampered header could be injected in a request to graph data. We thank Stefan Schiller (SonarSource) for reporting this issue. Affected Versions: All currently supported versions are affected: 1.6, 2.0, and 2.1. Mitigations: Immediate mitigations are not available. Indicators of Compromise: Review the logs of Nagios / CMC for suspicious commands. Vulnerability Management: We have rated the issue with a CVSS Score of 6.8 (Medium) with the following CVSS vector: <tt>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L</tt>. A CVE has been requested. Changes: This Werk adds sanitization for the AuthUser header field. CMK-11203 Change-Id: Ie34b324ab57e84df03fd0ecbf54d22804d101723

1 year, 10 months

[tribe29/checkmk] c67764: 14500 lnx_container_host_if: new agent and section...

by Lisa Pichler

Branch: refs/heads/2.1.0 Home: https://github.com/tribe29/checkmk Commit: c677648a7765572098d5e4a9d7f881728d11eeca https://github.com/tribe29/checkmk/commit/c677648a7765572098d5e4a9d7f881728… Author: Lisa Pichler <lisa.pichler(a)tribe29.com> Date: 2022-09-01 (Thu, 01 Sep 2022) Changed paths: A .werks/14500 A agents/cfg_examples/lnx_container_host_if.cfg A agents/plugins/lnx_container_host_if.linux M cmk/base/plugins/agent_based/lnx_if.py A cmk/base/plugins/agent_based/section_lnx_container_host_if.py A cmk/base/plugins/agent_based/utils/lnx_if.py A tests/unit/cmk/base/plugins/agent_based/test_section_lnx_container_host_if.py Log Message: ----------- 14500 lnx_container_host_if: new agent and section plugin for network interfaces CMK-10146 Change-Id: Ib29d859a727d4b8f7737cbf7054198a7ff7c592f

1 year, 10 months

[tribe29/checkmk] 695b00: 14678 Fix mk_docker error with python docker >= 6.0.0

by Max Linke

Branch: refs/heads/2.0.0 Home: https://github.com/tribe29/checkmk Commit: 695b004ee76e97fa056acbf6c277b5223a22e624 https://github.com/tribe29/checkmk/commit/695b004ee76e97fa056acbf6c277b5223… Author: Max Linke <max.linke(a)tribe29.com> Date: 2022-09-01 (Thu, 01 Sep 2022) Changed paths: A .werks/14678 M agents/plugins/mk_docker.py Log Message: ----------- 14678 Fix mk_docker error with python docker >= 6.0.0 First seen in https://www.reddit.com/r/Checkmk/comments/wyx6d0/docker_container_monitorin… The new version file of the docker package doesn't export a "version" string anymore. So mk_docker.py isn't compatible with docker >= 6.0.0. See the commit: https://github.com/docker/docker-py/commit/cd2c35a9b699522b282cc4f024efa569… Closes: #510 Change-Id: Ifbaeda12213b595a6a557659634399afd7f0ce6d

1 year, 10 months

[tribe29/checkmk] 93d604: Simplify some code in EC main

by Konstantin Baikov

Branch: refs/heads/master Home: https://github.com/tribe29/checkmk Commit: 93d6042a4205f348e1a36a0c37ef3f91d5bfead9 https://github.com/tribe29/checkmk/commit/93d6042a4205f348e1a36a0c37ef3f91d… Author: Konstantin Baikov <konstantin.baikov(a)tribe29.com> Date: 2022-09-01 (Thu, 01 Sep 2022) Changed paths: M cmk/ec/main.py Log Message: ----------- Simplify some code in EC main Fixes complains from flake8-simplify plugin Change-Id: If3699b1df6f0a2dd7cb072d7edd401ccea67983a Commit: ae53511eaaf76449fb24c2ab02e050e16fc6069d https://github.com/tribe29/checkmk/commit/ae53511eaaf76449fb24c2ab02e050e16… Author: Konstantin Baikov <konstantin.baikov(a)tribe29.com> Date: 2022-09-01 (Thu, 01 Sep 2022) Changed paths: M cmk/ec/main.py Log Message: ----------- Remove percent formatting in EC main - normal strings become f-strings - in logging methods percent is not needed as the params should be *args for optimization Change-Id: I18f74cb6c8b3c3da79f0f197b06f2ed5578b7e02 Compare: https://github.com/tribe29/checkmk/compare/eda65714563b...ae53511eaaf7

1 year, 10 months

[tribe29/checkmk] c03a71: 14678 Fix mk_docker error with python docker >= 6.0.0

by Matteo

Branch: refs/heads/2.1.0 Home: https://github.com/tribe29/checkmk Commit: c03a71c3dd153bb8d4a483bebc0a68ebdd60216f https://github.com/tribe29/checkmk/commit/c03a71c3dd153bb8d4a483bebc0a68ebd… Author: Matteo Abis <1423701+Enucatl(a)users.noreply.github.com> Date: 2022-09-01 (Thu, 01 Sep 2022) Changed paths: A .werks/14678 M agents/plugins/mk_docker.py Log Message: ----------- 14678 Fix mk_docker error with python docker >= 6.0.0 First seen in https://www.reddit.com/r/Checkmk/comments/wyx6d0/docker_container_monitorin… The new version file of the docker package doesn't export a "version" string anymore. So mk_docker.py isn't compatible with docker >= 6.0.0. See the commit: https://github.com/docker/docker-py/commit/cd2c35a9b699522b282cc4f024efa569… Closes: #510 Change-Id: Ifbaeda12213b595a6a557659634399afd7f0ce6d

1 year, 10 months

[tribe29/checkmk] 87aabb: Add python include path to netsnmp build

by Timotheus Bachinger

Branch: refs/heads/2.1.0 Home: https://github.com/tribe29/checkmk Commit: 87aabb2251c0ac5f72e4069b3e0592a319ad8d15 https://github.com/tribe29/checkmk/commit/87aabb2251c0ac5f72e4069b3e0592a31… Author: Timotheus Bachinger <timotheus.bachinger(a)tribe29.com> Date: 2022-09-01 (Thu, 01 Sep 2022) Changed paths: M omd/packages/net-snmp/net-snmp.make Log Message: ----------- Add python include path to netsnmp build Change-Id: I75b10fcc3fe52089f47bfd2aca3a34721135fd21 (cherry picked from commit d1ce84e9c32df582b4abe4657e76e0e20418f1e4)

1 year, 10 months

[tribe29/checkmk] d0b620: 14680 Fix keyerror in heartbeat_crm when param not...

by rb

Branch: refs/heads/master Home: https://github.com/tribe29/checkmk Commit: d0b620ef910c179b84e538a86946ee9fc8f2c71c https://github.com/tribe29/checkmk/commit/d0b620ef910c179b84e538a86946ee9fc… Author: sva-mh <112542376+sva-mh(a)users.noreply.github.com> Date: 2022-09-01 (Thu, 01 Sep 2022) Changed paths: A .werks/14680 M cmk/base/plugins/agent_based/heartbeat_crm.py M tests/unit/cmk/base/plugins/agent_based/test_heartbeat_crm.py Log Message: ----------- 14680 Fix keyerror in heartbeat_crm when param not defined in setup/wato closes: #511 Change-Id: I51284ad9251ac0dfea09fc26896378c52d369a8f Commit: ad8aec8441bd3a16632a577f8a5f588f89e982f3 https://github.com/tribe29/checkmk/commit/ad8aec8441bd3a16632a577f8a5f588f8… Author: Matteo Abis <1423701+Enucatl(a)users.noreply.github.com> Date: 2022-09-01 (Thu, 01 Sep 2022) Changed paths: A .werks/14678 M agents/plugins/mk_docker.py Log Message: ----------- 14678 Fix mk_docker error with python docker >= 6.0.0 First seen in https://www.reddit.com/r/Checkmk/comments/wyx6d0/docker_container_monitorin… The new version file of the docker package doesn't export a "version" string anymore. So mk_docker.py isn't compatible with docker >= 6.0.0. See the commit: https://github.com/docker/docker-py/commit/cd2c35a9b699522b282cc4f024efa569… Closes: #510 Change-Id: Ifbaeda12213b595a6a557659634399afd7f0ce6d Commit: eda65714563b9ceaf188e0660969eb1583b6654d https://github.com/tribe29/checkmk/commit/eda65714563b9ceaf188e0660969eb158… Author: Ronny Bruska <ronny.bruska(a)tribe29.com> Date: 2022-09-01 (Thu, 01 Sep 2022) Changed paths: A .werks/14744 M cmk/gui/plugins/dashboard/graph.py M cmk/gui/plugins/metrics/html_render.py Log Message: ----------- 14744 FIX Fix reload of graph dashlets in dashboards SUP-11377 Change-Id: Ic40fec1fc035c28bcf6039d2c83d631bf6aa9784 Compare: https://github.com/tribe29/checkmk/compare/774c97368212...eda65714563b

1 year, 10 months

[tribe29/checkmk] 0562e9: Fix missing HASHES file

by AZurhake

Branch: refs/heads/2.0.0 Home: https://github.com/tribe29/checkmk Commit: 0562e9712b85da7375ad8bbbed58d797e7236e20 https://github.com/tribe29/checkmk/commit/0562e9712b85da7375ad8bbbed58d797e… Author: Alex Zurhake <alex.zurhake(a)tribe29.com> Date: 2022-09-01 (Thu, 01 Sep 2022) Changed paths: M buildscripts/scripts/build-cmk-version.jenkins M buildscripts/scripts/lib/upload_artifacts.groovy Log Message: ----------- Fix missing HASHES file Everytime something is uploaded a HASHES file is created to make sure, it cannot be forgotten. Change-Id: Ifdf45ff10afbd0e34c03781b53a9d1f8956da351

1 year, 10 months

[tribe29/checkmk] 774c97: Fix missing HASHES file

by AZurhake

Branch: refs/heads/master Home: https://github.com/tribe29/checkmk Commit: 774c973682123ff4a8bac4868022d90cf745f2d0 https://github.com/tribe29/checkmk/commit/774c973682123ff4a8bac4868022d90cf… Author: Alex Zurhake <alex.zurhake(a)tribe29.com> Date: 2022-09-01 (Thu, 01 Sep 2022) Changed paths: M buildscripts/scripts/build-cmk-version.jenkins M buildscripts/scripts/lib/upload_artifacts.groovy Log Message: ----------- Fix missing HASHES file Everytime something is uploaded a HASHES file is created to make sure, it cannot be forgotten. Change-Id: Ifdf45ff10afbd0e34c03781b53a9d1f8956da351

1 year, 10 months

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

Checkmk git commits September 2022