Branch: refs/heads/master
Home: https://github.com/Checkmk/checkmk
Commit: 8a3f6af31873b17054fd2208dcd356eadd5a29b8
https://github.com/Checkmk/checkmk/commit/8a3f6af31873b17054fd2208dcd356ead…
Author: Matteo Stifano <matteo.stifano(a)checkmk.com>
Date: 2024-06-14 (Fri, 14 Jun 2024)
Changed paths:
M tests/update/conftest.py
Log Message:
-----------
test_update: Improve logging
Change-Id: I28db79caf3eff715a48c6da223ff7412867703bd
Commit: 00ad8f06496d630c14bcb8d0ae67883ec11fecd7
https://github.com/Checkmk/checkmk/commit/00ad8f06496d630c14bcb8d0ae67883ec…
Author: Maximilian Wirtz <maximilian.wirtz(a)checkmk.com>
Date: 2024-06-14 (Fri, 14 Jun 2024)
Changed paths:
A .werks/17009.md
M cmk/gui/views/inventory/_tree_renderer.py
Log Message:
-----------
17009 SEC XSS in inventory tree
Prior to this Werk an attacker with control over an agent was able to inject HTML in the output which was then rendered in the inventory tree of the corresponding host.
This problem exists only if the rule *Do hardware/software inventory* is set for the compromised agent/host.
We found this vulnerability internally.
**Affected Versions:**
* 2.3.0
* 2.2.0
* 2.1.0
* 2.0.0
**Mitigations**:
If you are unable to patch you can disable inventory scanning for all hosts.
**Indicators of Compromise:**
You can check `var/check_mk/inventory/` for inventories with embedded HTML.
This only indicates current 'attacks'.
Previous attacks (where the agent does not output the payload anymore) are not discoverable after some time (caching).
**Vulnerability Management:**
We have rated the issue with a CVSS Score of 6.5 (Medium) with the following CVSS vector:
`CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L`
We assigned CVE-2024-5741 to this vulnerability.
**Changes:**
This Werk adds sanitation to the HTML output.
Change-Id: I5b93ac74128384c910fb17c54906bd62ee785d34
Compare: https://github.com/Checkmk/checkmk/compare/e0eb2965fc86...00ad8f06496d
To unsubscribe from these emails, change your notification settings at https://github.com/Checkmk/checkmk/settings/notifications
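Added example, not part of the commit above or of Checkmk's code: a triage script for the indicator-of-compromise check in Werk 17009, which walks the files in `var/check_mk/inventory/` and reports string values that contain an HTML tag. It assumes the inventory files are Python literals (optionally gzip-compressed) and scans the raw text when they are not; the function names and `SAMPLE` are made up for illustration.

```python
import ast
import gzip
import re
from pathlib import Path

# An opening or closing tag such as <b>, </script> or <img src=x>.
# Harmless values like "<unknown>" also match, so hits need manual review.
HTML_TAG = re.compile(r"</?[A-Za-z][A-Za-z0-9]*(?:\s[^<>]*)?/?>")

# Constructed sample; the nesting is an assumption, not copied from Checkmk.
SAMPLE = repr({"Nodes": {"software": {"Attributes": {"Pairs": {
    "vendor": "Example <b>vendor</b>",
    "note": "size < 5 and free > 3",
}}}}})

def iter_strings(node, path="$"):
    """Yield (path, string) for every string key or value in nested literals."""
    if isinstance(node, str):
        yield path, node
    elif isinstance(node, dict):
        for key, value in node.items():
            yield from iter_strings(key, f"{path}.<key>")
            yield from iter_strings(value, f"{path}.{key}")
    elif isinstance(node, (list, tuple, set)):
        for index, item in enumerate(node):
            yield from iter_strings(item, f"{path}[{index}]")

def find_html(text):
    """Return [(path, value)] for strings in `text` that contain an HTML tag."""
    try:
        tree = ast.literal_eval(text)  # parses literals only, never runs code
    except (ValueError, SyntaxError, RecursionError, MemoryError):
        tree = text  # not a Python literal: scan the raw text instead
    return [(p, v) for p, v in iter_strings(tree) if HTML_TAG.search(v)]

def scan_inventory_dir(directory):
    """Map file name -> findings for each regular file (plain or gzip)."""
    report = {}
    for file in sorted(Path(directory).iterdir()):
        if not file.is_file():
            continue
        data = file.read_bytes()
        if data[:2] == b"\x1f\x8b":  # gzip magic bytes
            data = gzip.decompress(data)
        hits = find_html(data.decode("utf-8", errors="replace"))
        if hits:
            report[file.name] = hits
    return report
```

As the Werk notes, a clean result only covers what the agent currently reports; earlier payloads may no longer be present in these files.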
Branch: refs/heads/2.3.0
Home: https://github.com/Checkmk/checkmk
Commit: 211d94994094284b91327ab632a59c7e7ca4fc73
https://github.com/Checkmk/checkmk/commit/211d94994094284b91327ab632a59c7e7…
Author: Simon Jess <simon.jess(a)checkmk.com>
Date: 2024-06-14 (Fri, 14 Jun 2024)
Changed paths:
A .werks/16744.md
M cmk/gui/views/inventory/row_post_processor.py
M tests/unit/cmk/gui/views/test_views_inventory.py
Log Message:
-----------
16744 FIX Fix internal error while combining inventory tables within views
Change-Id: I9f87891c015328504fc443dad2f30b61006ed79b
Branch: refs/heads/2.2.0
Home: https://github.com/Checkmk/checkmk
Commit: da1ecb511cd8cd58c4dc6d4a3f215991c614a1a6
https://github.com/Checkmk/checkmk/commit/da1ecb511cd8cd58c4dc6d4a3f215991c…
Author: Simon Jess <simon.jess(a)checkmk.com>
Date: 2024-06-14 (Fri, 14 Jun 2024)
Changed paths:
A .werks/16744
M cmk/gui/views/inventory/row_post_processor.py
M tests/unit/cmk/gui/views/test_views_inventory.py
Log Message:
-----------
16744 FIX Fix internal error while combining inventory tables within views
Change-Id: I9f87891c015328504fc443dad2f30b61006ed79b
Branch: refs/heads/master
Home: https://github.com/Checkmk/checkmk
Commit: 632b32d49ddcd7d34c3778b19839caac9598d1cb
https://github.com/Checkmk/checkmk/commit/632b32d49ddcd7d34c3778b19839caac9…
Author: Simon Jess <simon.jess(a)checkmk.com>
Date: 2024-06-14 (Fri, 14 Jun 2024)
Changed paths:
A .werks/16744.md
M cmk/gui/views/inventory/row_post_processor.py
M tests/unit/cmk/gui/views/inventory/test_row_post_processor.py
Log Message:
-----------
16744 FIX Fix internal error while combining inventory tables within views
Change-Id: I9f87891c015328504fc443dad2f30b61006ed79b
Branch: refs/heads/master
Home: https://github.com/Checkmk/checkmk
Commit: f8119ff7b794b9a2a8d63eda1eb8122b4a754f45
https://github.com/Checkmk/checkmk/commit/f8119ff7b794b9a2a8d63eda1eb8122b4…
Author: Mathias Laurin <mathias.laurin(a)checkmk.com>
Date: 2024-06-14 (Fri, 14 Jun 2024)
Changed paths:
A .werks/16512.md
Log Message:
-----------
16512 FIX Restart scheduler after setting "use the status of a service"
The following scenario would break scheduling
* make host passive with `@service` -> internally sets next check to 0
* make host active again, for example, `@up`
-> calls `scheduleHostJob()` with `host->nextCheck()`, which is 0
-> the invalid timestamp is rejected
-> scheduling fails and has to be retriggered by the user
SUP-14635
Change-Id: If48579cbd371349263d19b8adcf417b112509f50
Branch: refs/heads/2.3.0
Home: https://github.com/Checkmk/checkmk
Commit: f19ea20ccc1af4c2c9eca83f365d52934841eea4
https://github.com/Checkmk/checkmk/commit/f19ea20ccc1af4c2c9eca83f365d52934…
Author: Leonardo Petrora <leonardo.petrora(a)checkmk.com>
Date: 2024-06-14 (Fri, 14 Jun 2024)
Changed paths:
A cmk/gui/openapi/restful_objects/content_decoder.py
M cmk/gui/openapi/restful_objects/decorators.py
M tests/unit/cmk/gui/openapi/test_endpoint.py
Log Message:
-----------
Extend content types accepted by endpoints
Until now, endpoints were only able to receive application/json content.
This change adds the ‘accept’ attribute to the Endpoint decorator,
separates content decoding to make it extensible, and adds support
for application/gzip content.
Change-Id: If2b0e8bae3b324a4560dbe627d15f5d03d5793f2