Branch: refs/heads/2.2.0
Home: https://github.com/Checkmk/checkmk
Commit: 74dd5ce0dd6947930e05a3ece2f62e790e1646d0
https://github.com/Checkmk/checkmk/commit/74dd5ce0dd6947930e05a3ece2f62e790…
Author: Maximilian Wirtz <maximilian.wirtz(a)checkmk.com>
Date: 2024-06-14 (Fri, 14 Jun 2024)
Changed paths:
A .werks/17009
M cmk/gui/views/inventory/__init__.py
Log Message:
-----------
17009 SEC XSS in inventory tree
Prior to this Werk an attacker with control over an agent was able to inject HTML in the output which was then rendered in the inventory tree of the corresponding host.
This problem exists only if the rule *Do hardware/software inventory* is set for the compromised agent/host.
We found this vulnerability internally.
**Affected Versions:**
* 2.3.0
* 2.2.0
* 2.1.0
* 2.0.0
**Mitigations**:
If you are unable to patch, you can disable inventory scanning for all hosts.
**Indicators of Compromise:**
You can check `var/check_mk/inventory/` for inventories with embedded HTML.
This only indicates current 'attacks'.
Previous attacks (where the agent does not output the payload anymore) are not discoverable after some time (caching).
**Vulnerability Management:**
We have rated the issue with a CVSS Score of 6.5 (Medium) with the following CVSS vector:
`CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L`
We assigned CVE-2024-5741 to this vulnerability.
**Changes:**
This Werk adds sanitation to the HTML output.
Change-Id: I5b93ac74128384c910fb17c54906bd62ee785d34
To unsubscribe from these emails, change your notification settings at https://github.com/Checkmk/checkmk/settings/notifications
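Added example, not part of the commit or Checkmk's own code: a minimal scanner for the indicator-of-compromise check described in Werk 17009, which flags files under `var/check_mk/inventory/` that contain tag-like strings. It assumes the inventory files are text, optionally with gzip-compressed copies ending in `.gz`; the regex heuristic, the function names and the sample files are constructed for illustration.

```python
import gzip
import re
import tempfile
from pathlib import Path

# Heuristic chosen for this example: anything shaped like an HTML tag.
# Legitimate values such as "<unknown>" also match, so review each hit.
HTML_TAG = re.compile(r"</?[A-Za-z][A-Za-z0-9]*(?:\s[^<>]*)?/?>")


def read_text(path: Path) -> str:
    """Read a plain or gzip-compressed file as text (assumed layout)."""
    opener = gzip.open if path.suffix == ".gz" else open
    with opener(path, "rt", encoding="utf-8", errors="replace") as fh:
        return fh.read()


def scan_inventory_dir(inventory_dir) -> dict[str, list[str]]:
    """Map file name -> sorted distinct tag-like strings found in it."""
    findings = {}
    for path in sorted(Path(inventory_dir).iterdir()):
        if not path.is_file():
            continue
        try:
            text = read_text(path)
        except (OSError, EOFError):
            continue  # unreadable or truncated file: skip, keep scanning
        hits = sorted({m.group(0) for m in HTML_TAG.finditer(text)})
        if hits:
            findings[path.name] = hits
    return findings


def demo() -> dict[str, list[str]]:
    """Scan a temporary directory of constructed sample files."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        # Constructed samples; the dict shape is illustrative only.
        (base / "cleanhost").write_text("{'Pairs': {'vendor': 'ACME'}}")
        (base / "oddhost").write_text("{'Pairs': {'vendor': 'ACME <b>x</b>'}}")
        with gzip.open(base / "oldhost.gz", "wt", encoding="utf-8") as fh:
            fh.write("{'Pairs': {'os': '<i>n/a</i>'}}")
        (base / "compare").write_text("{'note': 'load < 5 and > 1'}")
        return scan_inventory_dir(base)


if __name__ == "__main__":
    for name, hits in demo().items():
        print(name, hits)
```

As the Werk notes, a clean result only covers what the agent currently reports; earlier payloads may no longer be present in these files.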
Branch: refs/heads/master
Home: https://github.com/Checkmk/checkmk
Commit: 99edb493b66ca7b4e80cfeacc38e095ca9fa6d99
https://github.com/Checkmk/checkmk/commit/99edb493b66ca7b4e80cfeacc38e095ca…
Author: Anastasiia Shevchuk <anastasiia.shevchuk(a)checkmk.com>
Date: 2024-06-14 (Fri, 14 Jun 2024)
Changed paths:
M tests/gui_e2e/test_asvs.py
M tests/gui_e2e/test_change_password.py
A tests/testlib/playwright/pom/change_password.py
Log Message:
-----------
gui_e2e: create PoM object for change password page
Add a new object for the Change Password page and refactor the
tests for this page accordingly (CMK-17723)
Change-Id: Ic01e48bade446bdb3c4e92225e08f776ccdd403f
Branch: refs/heads/2.3.0
Home: https://github.com/Checkmk/checkmk
Commit: 5ddfcaa66017b4dfed3a60892d034d547eae9a1f
https://github.com/Checkmk/checkmk/commit/5ddfcaa66017b4dfed3a60892d034d547…
Author: Timotheus Bachinger <timotheus.bachinger(a)checkmk.com>
Date: 2024-06-14 (Fri, 14 Jun 2024)
Changed paths:
A .werks/16246.md
M cmk/plugins/cmctc/agent_based/cmctc_lcp.py
Log Message:
-----------
16246 FIX Rittal temperature check regression
You're affected if you're using Rittal temperature checks under 2.3.0.
This regression exists since 2.3.0b1 and creates the following crash:
```
File "/omd/sites/YOURSITE/lib/python3/cmk/plugins/lib/temperature.py", line 319, in check_temperature
raise ValueError (Cannot compute trend. Either specify both variables 'unique_name' and 'value_store' or none.)
```
Change-Id: I90cd4c1f46dd1f7301fb5024a1a4825262ee0da9
JIRA-Ref: SUP-18502
Branch: refs/heads/master
Home: https://github.com/Checkmk/checkmk
Commit: fadc51d346ded181259298e09a0f1dd9cf6841a6
https://github.com/Checkmk/checkmk/commit/fadc51d346ded181259298e09a0f1dd9c…
Author: Sven Panne <sven.panne(a)checkmk.com>
Date: 2024-06-14 (Fri, 14 Jun 2024)
Changed paths:
M packages/livestatus/include/livestatus/LogCache.h
M packages/livestatus/src/LogCache.cc
Log Message:
-----------
Refactoring: Move pathsSince to its single use site
In the end, LogCache should have a nice & simple API with something like
"give me all log entries for this given range", without any abstraction
violations like seeing individual log files, etc.
Currently we have to go into the opposite direction: Move everything beyond
a minimal, abstraction-breaking API to its use sites, make the use sites
more similar, and then do the right abstraction.
Change-Id: Ic6afd3a731c4732e4c26c3780baad0c51d8f07fc
Commit: af6e46242bb1ff4c210489fca9921fabae84c3c4
https://github.com/Checkmk/checkmk/commit/af6e46242bb1ff4c210489fca9921faba…
Author: Sven Panne <sven.panne(a)checkmk.com>
Date: 2024-06-14 (Fri, 14 Jun 2024)
Changed paths:
M packages/livestatus/include/livestatus/LogCache.h
M packages/livestatus/src/LogCache.cc
M packages/livestatus/src/TableLog.cc
Log Message:
-----------
Refactoring: Move LogCache::for_each() to its single use site
Same reason for this change as the previous one for LogCache::pathsSince():
Minimize LogCache API first => unify usages => rework API
Change-Id: I69b7c55d8db509828e3d163367f1de78e8708242
Compare: https://github.com/Checkmk/checkmk/compare/c26f5941b2b8...af6e46242bb1