Branch: refs/heads/master
Home: https://github.com/tribe29/checkmk
Commit: 2a384409a17c33422964f9d61327aaf49da069e7
https://github.com/tribe29/checkmk/commit/2a384409a17c33422964f9d61327aaf49…
Author: Hannes Rantzsch <hannes.rantzsch(a)tribe29.com>
Date: 2022-09-01 (Thu, 01 Sep 2022)
Changed paths:
A .werks/14385
M agent-receiver/agent_receiver/checkmk_rest_api.py
M agent-receiver/agent_receiver/models.py
M tests/unit/agent_receiver/test_endpoints.py
Log Message:
-----------
14385 SEC Fix limited SSRF in agent-receiver API

Prior to this Werk attackers could use the host registration API for
Server Side Request Forgery.

An attacker would have been able to make the Checkmk server issue local
requests to endpoints that should only be accessible from localhost. In
order to exploit this vulnerability attackers would have needed the
privileges to register hosts. This vulnerability was caused by
insufficient sanitization of the hostname of the host to be registered.

We thank Stefan Schiller (SonarSource) for reporting this issue.

Affected Versions: 2.1

Mitigations: The affected API can be disabled using omd stop
agent-receiver. Note, however, that this makes it impossible to register
new hosts.

Vulnerability Management: We have rated the issue with a CVSS Score of
5.0 (Medium) with the following CVSS vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N.
A CVE has been requested.

Changes: This Werk adds validation for the hostname and ensures
hostnames are escaped in requests to the REST API.

CMK-11202
Change-Id: I230f72edf67eb0eb3451984a3415daa888af1f60
Branch: refs/heads/2.1.0
Home: https://github.com/tribe29/checkmk
Commit: 4a399f6ba043c93cfbde7e2dcfa71964dee89450
https://github.com/tribe29/checkmk/commit/4a399f6ba043c93cfbde7e2dcfa71964d…
Author: Hannes Rantzsch <hannes.rantzsch(a)tribe29.com>
Date: 2022-09-01 (Thu, 01 Sep 2022)
Changed paths:
A .werks/14385
M agent-receiver/agent_receiver/checkmk_rest_api.py
M agent-receiver/agent_receiver/models.py
M tests/unit/agent_receiver/test_endpoints.py
Log Message:
-----------
14385 SEC Fix limited SSRF in agent-receiver API

Prior to this Werk attackers could use the host registration API for
Server Side Request Forgery.

An attacker would have been able to make the Checkmk server issue local
requests to endpoints that should only be accessible from localhost. In
order to exploit this vulnerability attackers would have needed the
privileges to register hosts. This vulnerability was caused by
insufficient sanitization of the hostname of the host to be registered.

We thank Stefan Schiller (SonarSource) for reporting this issue.

Affected Versions: 2.1

Mitigations: The affected API can be disabled using omd stop
agent-receiver. Note, however, that this makes it impossible to register
new hosts.

Vulnerability Management: We have rated the issue with a CVSS Score of
5.0 (Medium) with the following CVSS vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N.
A CVE has been requested.

Changes: This Werk adds validation for the hostname and ensures
hostnames are escaped in requests to the REST API.

CMK-11202
Change-Id: I230f72edf67eb0eb3451984a3415daa888af1f60
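
Added example, not part of the commit and not Checkmk's code: a sketch of the two measures Werk 14385 names (hostname validation, plus escaping the hostname in the REST API request), shown beside an unvalidated "before" form. The base URL, the path layout, the allow-list pattern and all function names are assumptions made for illustration.

```python
import posixpath
import re
from urllib.parse import quote, urlsplit

# Assumed placeholders for illustration, not Checkmk's real REST API layout.
BASE_URL = "http://localhost:5000/api"
HOST_PREFIX = "/api/objects/host/"

# Assumed allow-list: starts alphanumeric, then letters, digits, '.', '_' or '-'.
HOSTNAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,252}")


def validate_hostname(name: str) -> str:
    """Return the name unchanged if it is a plain hostname, else raise."""
    if not HOSTNAME_RE.fullmatch(name):
        raise ValueError(f"invalid hostname: {name!r}")
    return name


def host_url_unsafe(name: str) -> str:
    """'Before' form: the client-supplied name is pasted into the path."""
    return f"{BASE_URL}/objects/host/{name}"


def host_url_safe(name: str) -> str:
    """Hardened form: validate, then percent-encode the single path segment."""
    return f"{BASE_URL}/objects/host/{quote(validate_hostname(name), safe='')}"


def stays_on_host_endpoint(url: str) -> bool:
    """True if the URL still addresses exactly one object under HOST_PREFIX."""
    parts = urlsplit(url)
    path = posixpath.normpath(parts.path)  # resolve '.' and '..' segments
    segment = path[len(HOST_PREFIX):]
    return (path.startswith(HOST_PREFIX) and segment != "" and "/" not in segment
            and not parts.query and not parts.fragment)


# Constructed sample names: one ordinary, three carrying URL metacharacters.
SAMPLES = ["web01.example.com", "web01/../../other", "web01?x=1", "web01#frag"]

if __name__ == "__main__":
    for name in SAMPLES:
        on_endpoint = stays_on_host_endpoint(host_url_unsafe(name))
        try:
            verdict = host_url_safe(name)
        except ValueError as exc:
            verdict = f"rejected ({exc})"
        print(f"{name!r}: unsafe form stays on endpoint={on_endpoint}; safe form: {verdict}")
```

Validation and escaping are independent layers here: the allow-list rejects the name at the API boundary, and the percent-encoding keeps the request on the intended path even if a name with metacharacters reaches the URL builder.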
Branch: refs/heads/master
Home: https://github.com/tribe29/checkmk
Commit: 390d0e3461cd31ce5c9bf7ee768dce49a8598c4f
https://github.com/tribe29/checkmk/commit/390d0e3461cd31ce5c9bf7ee768dce49a…
Author: Lisa Pichler <lisa.pichler(a)tribe29.com>
Date: 2022-09-01 (Thu, 01 Sep 2022)
Changed paths:
M agents/plugins/mk_mongodb.py
M tests/agent-plugin-unit/test_mk_mongodb.py
Log Message:
-----------
mk_mongodb.py: convert doctests to unit tests
doctests are not run for agent plugins and provide a false sense of
security.
SUP-11410
Change-Id: I82991eedf5e839e52a3f19b53b87e7e71bc5315c
Commit: 752e25292556d40622eee5bf22f083df3cc8bae4
https://github.com/tribe29/checkmk/commit/752e25292556d40622eee5bf22f083df3…
Author: Lisa Pichler <lisa.pichler(a)tribe29.com>
Date: 2022-09-01 (Thu, 01 Sep 2022)
Changed paths:
A .werks/14765
M agents/plugins/mk_mongodb.py
M tests/agent-plugin-unit/test_mk_mongodb.py
Log Message:
-----------
14765 FIX mk_mongodb.py: primary host is listed under active secondaries
SUP-11410
Change-Id: Id898f7e2af5c746410b0cdfc1df8c367890ce994
Commit: a0fcce2a91500ae0d33495b6de40881438d20fa8
https://github.com/tribe29/checkmk/commit/a0fcce2a91500ae0d33495b6de4088143…
Author: Lisa Pichler <lisa.pichler(a)tribe29.com>
Date: 2022-09-01 (Thu, 01 Sep 2022)
Changed paths:
M agents/plugins/mk_mongodb.py
M tests/agent-plugin-unit/test_mk_mongodb.py
Log Message:
-----------
mk_mongodb.py: configure connection in one place
SUP-11405
Change-Id: I1e3ed0c8e04cddf7e91f14e47aa2ae6f10bf0194
Commit: a5736e168e56685780caa48f31c0c7d2d0b25f6f
https://github.com/tribe29/checkmk/commit/a5736e168e56685780caa48f31c0c7d2d…
Author: Lisa Pichler <lisa.pichler(a)tribe29.com>
Date: 2022-09-01 (Thu, 01 Sep 2022)
Changed paths:
A .werks/14766
M agents/plugins/mk_mongodb.py
M tests/agent-plugin-unit/test_mk_mongodb.py
Log Message:
-----------
14766 FIX mk_mongodb.py: mongodb_instance section shows information from a different host
SUP-11405
Change-Id: I4b01ab10cc5268eb440dd3b8c2d0055fff63cac2
Compare: https://github.com/tribe29/checkmk/compare/522e954ab01a...a5736e168e56
Branch: refs/heads/master
Home: https://github.com/tribe29/checkmk
Commit: 67516a220a9b3714e65514a03c6d5f1b4957bc1f
https://github.com/tribe29/checkmk/commit/67516a220a9b3714e65514a03c6d5f1b4…
Author: Joerg Herbel <joerg.herbel(a)tribe29.com>
Date: 2022-09-01 (Thu, 01 Sep 2022)
Changed paths:
M bin/cmk-update-config
M cmk/.f12
R cmk/update_config.py
A cmk/update_config/__init__.py
A cmk/update_config/legacy.py
M omd/packages/check_mk/check_mk.make
M tests/Makefile
R tests/unit/cmk/test_update_config.py
A tests/unit/cmk/update_config/test_legacy.py
Log Message:
-----------
Move update_config.py to dedicated folder
This is the first step towards splitting this file into plugins.
CMK-10789
Change-Id: I7c7d345117f86d90614d00e97e5377b24de6a6b7
Commit: 522e954ab01af61f30eb6771e86cc2de8ad6d55c
https://github.com/tribe29/checkmk/commit/522e954ab01af61f30eb6771e86cc2de8…
Author: Joerg Herbel <joerg.herbel(a)tribe29.com>
Date: 2022-09-01 (Thu, 01 Sep 2022)
Changed paths:
M bin/cmk-update-config
M cmk/.f12
A cmk/update_config/main.py
A cmk/update_config/plugins/__init__.py
A cmk/update_config/plugins/actions/__init__.py
A cmk/update_config/registry.py
M omd/packages/check_mk/check_mk.make
M scripts/find-python-files
A tests/unit/cmk/post_rename_site/__init__.py
A tests/unit/cmk/update_config/__init__.py
A tests/unit/cmk/update_config/test_main.py
Log Message:
-----------
Plugin architecture for update_config
CMK-10789
Change-Id: I782042f8bf7002aede3b07388c29f04236147251
Compare: https://github.com/tribe29/checkmk/compare/de59ff7aade3...522e954ab01a