Branch: refs/heads/master
Home: https://github.com/Checkmk/checkmk
Commit: ce4771e1a0a7359384cbb496f97ed700494f9bf4
https://github.com/Checkmk/checkmk/commit/ce4771e1a0a7359384cbb496f97ed7004…
Author: Konstantin Baikov <konstantin.baikov(a)checkmk.com>
Date: 2024-07-02 (Tue, 02 Jul 2024)
Changed paths:
A .werks/16533.md
M cmk/ec/rule_matcher.py
M tests/unit/cmk/ec/test_rule_matching.py
Log Message:
-----------
16533 FIX Event Console regex match in rule text
SUP-19224
A typo in the returned var name
in the method compile_matching_value caused a valid
regex to not match, because it was sent as a starting
Change-Id: Ia14cbabf67ade6a6ca664d9be195f800a8570a00
To unsubscribe from these emails, change your notification settings at https://github.com/Checkmk/checkmk/settings/notifications
Branch: refs/heads/2.1.0
Home: https://github.com/Checkmk/checkmk
Commit: d0ae528441a09f8b6ca2f0700c11716af850259d
https://github.com/Checkmk/checkmk/commit/d0ae528441a09f8b6ca2f0700c11716af…
Author: Checkmk release system <feedback(a)checkmk.com>
Date: 2024-07-02 (Tue, 02 Jul 2024)
Changed paths:
M agents/check_mk_agent.aix
M agents/check_mk_agent.freebsd
M agents/check_mk_agent.hpux
M agents/check_mk_agent.linux
M agents/check_mk_agent.macosx
M agents/check_mk_agent.netbsd
M agents/check_mk_agent.openbsd
M agents/check_mk_agent.openvms
M agents/check_mk_agent.openwrt
M agents/check_mk_agent.solaris
M agents/cmk-agent-ctl/src/constants.rs
M agents/plugins/apache_status.py
M agents/plugins/asmcmd.sh
M agents/plugins/db2_mem
M agents/plugins/dnsclient
M agents/plugins/hpux_lunstats
M agents/plugins/hpux_statgrab
M agents/plugins/ibm_mq
M agents/plugins/isc_dhcpd.py
M agents/plugins/jar_signature
M agents/plugins/kaspersky_av
M agents/plugins/lnx_container_host_if.linux
M agents/plugins/lnx_quota
M agents/plugins/lvm
M agents/plugins/mailman_lists
M agents/plugins/mk_apt
M agents/plugins/mk_ceph
M agents/plugins/mk_cups_queues
M agents/plugins/mk_db2.aix
M agents/plugins/mk_db2.linux
M agents/plugins/mk_docker.py
M agents/plugins/mk_errpt.aix
M agents/plugins/mk_filehandler
M agents/plugins/mk_filestats.py
M agents/plugins/mk_haproxy.freebsd
M agents/plugins/mk_informix
M agents/plugins/mk_inotify.py
M agents/plugins/mk_inventory.aix
M agents/plugins/mk_inventory.linux
M agents/plugins/mk_inventory.solaris
M agents/plugins/mk_iptables
M agents/plugins/mk_jolokia.py
M agents/plugins/mk_logins
M agents/plugins/mk_logwatch.py
M agents/plugins/mk_mongodb.py
M agents/plugins/mk_mysql
M agents/plugins/mk_nfsiostat
M agents/plugins/mk_omreport
M agents/plugins/mk_oracle
M agents/plugins/mk_oracle_crs
M agents/plugins/mk_postgres.py
M agents/plugins/mk_redis
M agents/plugins/mk_sap.aix
M agents/plugins/mk_sap.py
M agents/plugins/mk_sap_hana
M agents/plugins/mk_saprouter
M agents/plugins/mk_scaleio
M agents/plugins/mk_site_object_counts
M agents/plugins/mk_sshd_config
M agents/plugins/mk_suseconnect
M agents/plugins/mk_tinkerforge.py
M agents/plugins/mk_tsm
M agents/plugins/mk_zypper
M agents/plugins/mtr.py
M agents/plugins/netstat.aix
M agents/plugins/netstat.linux
M agents/plugins/netstat.solaris
M agents/plugins/nfsexports
M agents/plugins/nfsexports.solaris
M agents/plugins/nginx_status.py
M agents/plugins/plesk_backups.py
M agents/plugins/plesk_domains.py
M agents/plugins/runas
M agents/plugins/smart
M agents/plugins/symantec_av
M agents/plugins/unitrends_backup
M agents/plugins/unitrends_replication.py
M agents/plugins/vxvm
M agents/plugins/websphere_mq
M agents/plugins/zorp
M agents/windows/plugins/ad_replication.bat
M agents/windows/plugins/arcserve_backup.ps1
M agents/windows/plugins/citrix_farm.ps1
M agents/windows/plugins/citrix_licenses.vbs
M agents/windows/plugins/citrix_xenapp.ps1
M agents/windows/plugins/hyperv_vms.ps1
M agents/windows/plugins/hyperv_vms_guestinfos.ps1
M agents/windows/plugins/iis_app_pool_state.ps1
M agents/windows/plugins/kaspersky_av_client.vbs
M agents/windows/plugins/mcafee_av_client.bat
M agents/windows/plugins/megaraid.bat
M agents/windows/plugins/mk_dhcp_enabled.bat
M agents/windows/plugins/mk_inventory.vbs
M agents/windows/plugins/mk_msoffice.ps1
M agents/windows/plugins/mk_mysql.vbs
M agents/windows/plugins/mk_oracle.ps1
M agents/windows/plugins/msexch_dag.ps1
M agents/windows/plugins/msexch_database.ps1
M agents/windows/plugins/mssql.vbs
M agents/windows/plugins/netstat_an.bat
M agents/windows/plugins/rds_licenses.vbs
M agents/windows/plugins/rstcli.bat
M agents/windows/plugins/sansymphony.ps1
M agents/windows/plugins/storcli.bat
M agents/windows/plugins/tsm_checks.bat
M agents/windows/plugins/veeam_backup_status.ps1
M agents/windows/plugins/win_dhcp_pools.bat
M agents/windows/plugins/win_dmidecode.bat
M agents/windows/plugins/win_license.bat
M agents/windows/plugins/win_printers.ps1
M agents/windows/plugins/windows_broadcom_bonding.bat
M agents/windows/plugins/windows_if.ps1
M agents/windows/plugins/windows_intel_bonding.bat
M agents/windows/plugins/windows_multipath.vbs
M agents/windows/plugins/windows_os_bonding.ps1
M agents/windows/plugins/windows_tasks.ps1
M agents/windows/plugins/windows_updates.vbs
M agents/windows/plugins/wmic_if.bat
M agents/wnx/src/common/wnx_version.h
M bin/livedump
M bin/mkbackup
M bin/mkbench
M cmk/utils/version.py
M configure.ac
M defines.make
M docker/Dockerfile
Log Message:
-----------
Set version to 2.1.0p46
Branch: refs/heads/master
Home: https://github.com/Checkmk/checkmk
Commit: b0325aff6d1afd5815c1d02e63496ff6a4976d43
https://github.com/Checkmk/checkmk/commit/b0325aff6d1afd5815c1d02e63496ff6a…
Author: Lars Michelsen <lm(a)checkmk.com>
Date: 2024-07-02 (Tue, 02 Jul 2024)
Changed paths:
M cmk/gui/watolib/activate_changes.py
M tests/unit/cmk/gui/conftest.py
Log Message:
-----------
Cleanup now useless cleanups
Since we now use the spawn mode instead of fork, there is no need to
clean up resources anymore. The code here may actually cause harm since
the closing of file descriptors might leave references behind.
Change-Id: I8502053ffe5543566e250d4a00c4d0152fba6e5b
Branch: refs/heads/2.3.0
Home: https://github.com/Checkmk/checkmk
Commit: 3183015032286a59585d3146a9b73ce9926ef90a
https://github.com/Checkmk/checkmk/commit/3183015032286a59585d3146a9b73ce99…
Author: Sergey Kipnis <sergey.kipnis(a)checkmk.com>
Date: 2024-07-01 (Mon, 01 Jul 2024)
Changed paths:
A .werks/16845.md
M agents/wnx/include/wnx/cfg_details.h
M agents/wnx/include/wnx/cma_core.h
M agents/wnx/src/common/wtools.cpp
M agents/wnx/src/engine/cfg.cpp
M agents/wnx/src/engine/cma_core.cpp
M agents/wnx/watest/test-yaml.cpp
Log Message:
-----------
16845 SEC fix a privilege escalation vulnerability in the Checkmk Windows Agent
This Werk fixes a privilege escalation vulnerability in the Checkmk Windows
Agent.
Prior to this Werk, it was possible for authenticated users on the monitored
Windows host to execute commands as the administrator account that is used to run
the Agent, allowing them to elevate their privileges.
The reason for this issue was excessive write permissions on the
`ProgramData\checkmk\agent` directory.
Note that you must update Checkmk as well as the agent in order to apply this
fix.
This issue was found in a commissioned penetration test conducted by modzero
GmbH.
*Affected Versions*:
* 2.3.0
* 2.2.0
* 2.1.0
*Mitigations*:
If updating is not possible, you can manually remove write access for non-admin
users on the `ProgramData\checkmk\agent` folder.
To do this, navigate to the folder's property settings and make sure to verify
the special permissions and advanced permission settings in addition to the
basic permission settings.
*Vulnerability Management*:
We have rated the issue with a CVSS Score of 8.8 High (`CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H`)
and assigned `CVE-2024-28827`.
Change-Id: Ic4592f5ff0e4310e3821c955c31542cab84710b6
Commit: 9c39ca70b4fe0e2e0a8687727195d516a3e3af61
https://github.com/Checkmk/checkmk/commit/9c39ca70b4fe0e2e0a8687727195d516a…
Author: Timotheus Bachinger <timotheus.bachinger(a)checkmk.com>
Date: 2024-07-01 (Mon, 01 Jul 2024)
Changed paths:
M .werks/16845.md
Log Message:
-----------
Reserve werk for potential future use
Change-Id: Ie9f5516caa39dae729264cf42f1afb0fa0bdfdc4
Commit: 3ba8e13383f2027e4138f14f58c2c16a171e56f4
https://github.com/Checkmk/checkmk/commit/3ba8e13383f2027e4138f14f58c2c16a1…
Author: Timotheus Bachinger <timotheus.bachinger(a)checkmk.com>
Date: 2024-07-01 (Mon, 01 Jul 2024)
Changed paths:
M .werks/16845.md
Log Message:
-----------
Revert "Reserve werk for potential future use"
This reverts commit 9c39ca70b4fe0e2e0a8687727195d516a3e3af61.
Commit: 3289139fb1ec66f5c12c6debc49cc8bbb0dc61f7
https://github.com/Checkmk/checkmk/commit/3289139fb1ec66f5c12c6debc49cc8bbb…
Author: Maximilian Wirtz <maximilian.wirtz(a)checkmk.com>
Date: 2024-07-01 (Mon, 01 Jul 2024)
Changed paths:
A .werks/17010.md
M cmk/gui/valuespec.py
Log Message:
-----------
17010 SEC XSS in SQL check parameters
Prior to this Werk an attacker could add HTML to one parameter of the *Check SQL database* rule which was executed on the overview page.
We found this vulnerability internally.
**Affected Versions**:
LI: 2.3.0
LI: 2.2.0
LI: 2.1.0
LI: 2.0.0 (probably older versions as well)
**Indicators of Compromise**:
The creation of such rules is logged in the audit log. You can therefore check the `wato_audit.log` either on the terminal or in the UI for entries that contain malicious HTML.
**Vulnerability Management**:
We have rated the issue with a CVSS Score of 6.5 (Medium) with the following CVSS vector: `CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L`
We assigned CVE-2024-6052 to this vulnerability.
**Changes**:
This Werk fixes the escaping.
CMK-17809
Change-Id: I8cf2d8218f1d6bb449beb6947d879b8a114e081a
Commit: f93c345b2ef1435d51333d3593a6b1701d5c249c
https://github.com/Checkmk/checkmk/commit/f93c345b2ef1435d51333d3593a6b1701…
Author: Hannes Rantzsch <hannes.rantzsch(a)checkmk.com>
Date: 2024-07-01 (Mon, 01 Jul 2024)
Changed paths:
A .werks/17090.md
M cmk/gui/backup/handler.py
M cmk/gui/bi/_config.py
M cmk/gui/custom_icons/_modes.py
M cmk/gui/key_mgmt.py
M cmk/gui/mkeventd/wato.py
M cmk/gui/wato/pages/_simple_modes.py
M cmk/gui/wato/pages/audit_log.py
M cmk/gui/wato/pages/bulk_discovery.py
M cmk/gui/wato/pages/bulk_edit.py
M cmk/gui/wato/pages/bulk_import.py
M cmk/gui/wato/pages/diagnostics.py
M cmk/gui/wato/pages/folders.py
M cmk/gui/wato/pages/global_settings.py
M cmk/gui/wato/pages/groups.py
M cmk/gui/wato/pages/host_diagnose.py
M cmk/gui/wato/pages/host_rename.py
M cmk/gui/wato/pages/ldap.py
M cmk/gui/wato/pages/notifications.py
M cmk/gui/wato/pages/parentscan.py
M cmk/gui/wato/pages/read_only.py
M cmk/gui/wato/pages/roles.py
M cmk/gui/wato/pages/rulesets.py
M cmk/gui/wato/pages/search.py
M cmk/gui/wato/pages/sites.py
M cmk/gui/wato/pages/tags.py
M cmk/gui/wato/pages/timeperiods.py
M cmk/gui/wato/pages/user_migrate.py
M cmk/gui/wato/pages/users.py
M web/htdocs/js/modules/forms.ts
Log Message:
-----------
17090 SEC Fix Various CSRF Issues
This Werk adds previously missing CSRF-Token validation to various
endpoints in WATO. The lack of CSRF-Token validation could allow an
attacker to perform actions on behalf of a user without their consent,
by tricking the user into visiting or clicking on a malicious link.
This vulnerability was identified during a commissioned penetration test
conducted by PS Positive Security GmbH.
*Affected Versions*:
* 2.3.0
* 2.2.0
* 2.1.0
* 2.0.0 (EOL)
*Vulnerability Management*:
We have rated the issue with a CVSS Score of 8.8 High
(`CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H`) and assigned
`CVE-2024-28828`.
Change-Id: Ib12128b873b7d06140e48fb66147e7a2599dd6f9
Commit: 665b52622a34c0197bc28090df6306b36436ca76
https://github.com/Checkmk/checkmk/commit/665b52622a34c0197bc28090df6306b36…
Author: Checkmk release system <feedback(a)checkmk.com>
Date: 2024-07-01 (Mon, 01 Jul 2024)
Changed paths:
M agents/check_mk_agent.aix
M agents/check_mk_agent.freebsd
M agents/check_mk_agent.hpux
M agents/check_mk_agent.linux
M agents/check_mk_agent.macosx
M agents/check_mk_agent.netbsd
M agents/check_mk_agent.openbsd
M agents/check_mk_agent.openvms
M agents/check_mk_agent.openwrt
M agents/check_mk_agent.solaris
M agents/plugins/apache_status.py
M agents/plugins/asmcmd.sh
M agents/plugins/db2_mem
M agents/plugins/dnsclient
M agents/plugins/hpux_lunstats
M agents/plugins/hpux_statgrab
M agents/plugins/ibm_mq
M agents/plugins/isc_dhcpd.py
M agents/plugins/jar_signature
M agents/plugins/kaspersky_av
M agents/plugins/lnx_container_host_if.linux
M agents/plugins/lnx_quota
M agents/plugins/lvm
M agents/plugins/mailman2_lists
M agents/plugins/mailman3_lists
M agents/plugins/mk_apt
M agents/plugins/mk_ceph
M agents/plugins/mk_cups_queues
M agents/plugins/mk_db2.aix
M agents/plugins/mk_db2.linux
M agents/plugins/mk_docker.py
M agents/plugins/mk_errpt.aix
M agents/plugins/mk_filehandler
M agents/plugins/mk_filestats.py
M agents/plugins/mk_haproxy.freebsd
M agents/plugins/mk_informix
M agents/plugins/mk_inotify.py
M agents/plugins/mk_inventory.aix
M agents/plugins/mk_inventory.linux
M agents/plugins/mk_inventory.solaris
M agents/plugins/mk_iptables
M agents/plugins/mk_jolokia.py
M agents/plugins/mk_logins
M agents/plugins/mk_logwatch.py
M agents/plugins/mk_mongodb.py
M agents/plugins/mk_mysql
M agents/plugins/mk_nfsiostat
M agents/plugins/mk_omreport
M agents/plugins/mk_oracle
M agents/plugins/mk_oracle_crs
M agents/plugins/mk_postgres.py
M agents/plugins/mk_redis
M agents/plugins/mk_sap.aix
M agents/plugins/mk_sap.py
M agents/plugins/mk_sap_hana
M agents/plugins/mk_saprouter
M agents/plugins/mk_scaleio
M agents/plugins/mk_site_object_counts
M agents/plugins/mk_sshd_config
M agents/plugins/mk_suseconnect
M agents/plugins/mk_tinkerforge.py
M agents/plugins/mk_tsm
M agents/plugins/mk_zypper
M agents/plugins/mtr.py
M agents/plugins/netstat.aix
M agents/plugins/netstat.linux
M agents/plugins/netstat.solaris
M agents/plugins/nfsexports
M agents/plugins/nfsexports.solaris
M agents/plugins/nginx_status.py
M agents/plugins/plesk_backups.py
M agents/plugins/plesk_domains.py
M agents/plugins/runas
M agents/plugins/smart
M agents/plugins/symantec_av
M agents/plugins/unitrends_backup
M agents/plugins/unitrends_replication.py
M agents/plugins/vxvm
M agents/plugins/zorp
M agents/windows/plugins/ad_replication.bat
M agents/windows/plugins/arcserve_backup.ps1
M agents/windows/plugins/citrix_farm.ps1
M agents/windows/plugins/citrix_licenses.vbs
M agents/windows/plugins/citrix_xenapp.ps1
M agents/windows/plugins/hyperv_vms.ps1
M agents/windows/plugins/hyperv_vms_guestinfos.ps1
M agents/windows/plugins/iis_app_pool_state.ps1
M agents/windows/plugins/kaspersky_av_client.vbs
M agents/windows/plugins/mcafee_av_client.bat
M agents/windows/plugins/megaraid.bat
M agents/windows/plugins/mk_dhcp_enabled.bat
M agents/windows/plugins/mk_inventory.vbs
M agents/windows/plugins/mk_msoffice.ps1
M agents/windows/plugins/mk_mysql.vbs
M agents/windows/plugins/mk_oracle.ps1
M agents/windows/plugins/msexch_dag.ps1
M agents/windows/plugins/msexch_database.ps1
M agents/windows/plugins/mssql.vbs
M agents/windows/plugins/netstat_an.bat
M agents/windows/plugins/nvidia_smi.ps1
M agents/windows/plugins/rds_licenses.vbs
M agents/windows/plugins/rstcli.bat
M agents/windows/plugins/sansymphony.ps1
M agents/windows/plugins/storcli.bat
M agents/windows/plugins/tsm_checks.bat
M agents/windows/plugins/veeam_backup_status.ps1
M agents/windows/plugins/win_dhcp_pools.bat
M agents/windows/plugins/win_dmidecode.bat
M agents/windows/plugins/win_license.bat
M agents/windows/plugins/win_printers.ps1
M agents/windows/plugins/windows_broadcom_bonding.bat
M agents/windows/plugins/windows_if.ps1
M agents/windows/plugins/windows_intel_bonding.bat
M agents/windows/plugins/windows_multipath.vbs
M agents/windows/plugins/windows_os_bonding.ps1
M agents/windows/plugins/windows_tasks.ps1
M agents/windows/plugins/windows_updates.vbs
M agents/windows/plugins/wmic_if.bat
M agents/wnx/include/common/wnx_version.h
M bin/livedump
M cmk/special_agents/agent_jolokia.py
M cmk/special_agents/agent_netapp.py
M cmk/special_agents/agent_splunk.py
M cmk/special_agents/agent_vsphere.py
M cmk/utils/version.py
M defines.make
M docker_image/Dockerfile
M packages/cmk-agent-ctl/src/constants.rs
M packages/mk-sql/src/constants.rs
M packages/neb/CMakeLists.txt
Log Message:
-----------
Set version to 2.3.0p9
Commit: 1bf9ffb45e768111b3d727829ed3a1700f8b653a
https://github.com/Checkmk/checkmk/commit/1bf9ffb45e768111b3d727829ed3a1700…
Author: Jonas Scharpf <jonas.scharpf(a)checkmk.com>
Date: 2024-07-01 (Mon, 01 Jul 2024)
Changed paths:
M .werks/17010.md
Log Message:
-----------
Fix version of werk
Change-Id: I65384c553f83cd83b540ee4ad36159a9512dd727
Commit: 4a965bf10988decd95f82eecfc7f949688b2788d
https://github.com/Checkmk/checkmk/commit/4a965bf10988decd95f82eecfc7f94968…
Author: Solomon Jacobs <solomon.jacobs(a)checkmk.com>
Date: 2024-07-02 (Tue, 02 Jul 2024)
Changed paths:
A .werks/16431.md
M omd/packages/omd/omdlib/main.py
Log Message:
-----------
16431 FIX omd restore: Fix RuntimeError: Failed to determine site version
SUP-18672
Change-Id: Ic212139fd8e2e38c2dfbb70c9db68812870d22d5
Commit: f86e6dfdb40aa3f90773b1bdc208f8d13b5e652b
https://github.com/Checkmk/checkmk/commit/f86e6dfdb40aa3f90773b1bdc208f8d13…
Author: Gav <gavin.mcguigan(a)checkmk.com>
Date: 2024-07-02 (Tue, 02 Jul 2024)
Changed paths:
M cmk/gui/openapi/endpoints/activate_changes/__init__.py
Log Message:
-----------
activate_changes: catch unknown activation processes error before returning running activations
Running activations have already been activated (in some cases) when
we then ask for the activation details. This is causing the test to
be flaky.
CMK-18048
Change-Id: I2789e03a04a15ea6b4c95cd88ed1eb4286e51c8f
Commit: 405aadd3e603186f600ea95b47110910fa383e80
https://github.com/Checkmk/checkmk/commit/405aadd3e603186f600ea95b47110910f…
Author: Simon Jess <simon.jess(a)checkmk.com>
Date: 2024-07-02 (Tue, 02 Jul 2024)
Changed paths:
A .werks/16753.md
M cmk/gui/views/inventory/__init__.py
M cmk/gui/views/join_service_rows.py
Log Message:
-----------
16753 FIX HW/SW Inventory: Fix missing joined service columns if a service is assigned to a cluster
Change-Id: I75b0bd6141ba2f4b715b8c06f8aeb844df1641f3
Commit: 8f01c977eeba4bac1c1d6539d7204e5f2e2056ae
https://github.com/Checkmk/checkmk/commit/8f01c977eeba4bac1c1d6539d7204e5f2…
Author: Checkmk release system <feedback(a)checkmk.com>
Date: 2024-07-02 (Tue, 02 Jul 2024)
Changed paths:
M tests/update/base_versions_current_branch.json
Log Message:
-----------
Include 2.3.0p8 in base-versions list for update-test
Commit: ec809c74cc557aee4b09efef74a0d56230962c36
https://github.com/Checkmk/checkmk/commit/ec809c74cc557aee4b09efef74a0d5623…
Author: Jonas Scharpf <jonas.scharpf(a)checkmk.com>
Date: 2024-07-02 (Tue, 02 Jul 2024)
Changed paths:
M .werks/16431.md
Log Message:
-----------
Fix version of werk
Change-Id: Iaaa491fc3cd2ea1cd199ab320e5b7eb28ae37218
Commit: c11e5332c49cfa7eceb22ae7e3b256c8ea5d31ab
https://github.com/Checkmk/checkmk/commit/c11e5332c49cfa7eceb22ae7e3b256c8e…
Author: Sofia Colakovic <sofia.colakovic(a)checkmk.com>
Date: 2024-07-02 (Tue, 02 Jul 2024)
Changed paths:
A .werks/16863.md
M cmk/special_agents/agent_proxmox_ve.py
M tests/unit/cmk/special_agents/test_agent_proxmox_ve.py
Log Message:
-----------
16863 FIX proxmox: Fix log parsing crash for Proxmox versions 3.2.4 and newer
The backup log format changed in Proxmox version 3.2.4 which resulted in a crash
in the Proxmox special agent.
The special agent can now handle both old and the new format of backup log messages.
SUP-19222
Change-Id: I57c0108b20874b8d3fb5841f8827779ed1504d3a
Commit: 95dccaf7a0c72d1939397451adaa39e64139c1ee
https://github.com/Checkmk/checkmk/commit/95dccaf7a0c72d1939397451adaa39e64…
Author: Checkmk release system <feedback(a)checkmk.com>
Date: 2024-07-02 (Tue, 02 Jul 2024)
Changed paths:
M tests/update/base_versions_previous_branch.json
Log Message:
-----------
Include 2.2.0p29 in base-versions list for update-test
Compare: https://github.com/Checkmk/checkmk/compare/105ffefff92e...95dccaf7a0c7
Branch: refs/heads/2.2.0
Home: https://github.com/Checkmk/checkmk
Commit: d281666ab76a7ffdee34ce668bb186ccc562d158
https://github.com/Checkmk/checkmk/commit/d281666ab76a7ffdee34ce668bb186ccc…
Author: Maximilian Wirtz <maximilian.wirtz(a)checkmk.com>
Date: 2024-07-01 (Mon, 01 Jul 2024)
Changed paths:
A .werks/17010
M cmk/gui/valuespec.py
Log Message:
-----------
17010 SEC XSS in SQL check parameters
Prior to this Werk an attacker could add HTML to one parameter of the *Check SQL database* rule which was executed on the overview page.
We found this vulnerability internally.
**Affected Versions**:
LI: 2.3.0
LI: 2.2.0
LI: 2.1.0
LI: 2.0.0 (probably older versions as well)
**Indicators of Compromise**:
The creation of such rules is logged in the audit log. You can therefore check the `wato_audit.log` either on the terminal or in the UI for entries that contain malicious HTML.
**Vulnerability Management**:
We have rated the issue with a CVSS Score of 6.5 (Medium) with the following CVSS vector: `CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L`
We assigned CVE-2024-6052 to this vulnerability.
**Changes**:
This Werk fixes the escaping.
CMK-17809
Change-Id: I8cf2d8218f1d6bb449beb6947d879b8a114e081a
Commit: cad9dd2ec159e66c9d57cde977e9a9a32c57b670
https://github.com/Checkmk/checkmk/commit/cad9dd2ec159e66c9d57cde977e9a9a32…
Author: Kenneth Okoh <kenneth.okoh(a)checkmk.com>
Date: 2024-07-02 (Tue, 02 Jul 2024)
Changed paths:
M .werks/17010
Log Message:
-----------
Fix werk version
Change-Id: I5c53b5b32f1013a1611377a5d15120afebe9e245
Commit: 1a3de82e3473eee4b565691b4d2103399ca99074
https://github.com/Checkmk/checkmk/commit/1a3de82e3473eee4b565691b4d2103399…
Author: Hannes Rantzsch <hannes.rantzsch(a)checkmk.com>
Date: 2024-07-02 (Tue, 02 Jul 2024)
Changed paths:
A .werks/17090
M cmk/gui/backup.py
M cmk/gui/key_mgmt.py
M cmk/gui/mkeventd/wato.py
M cmk/gui/plugins/wato/bi_config.py
M cmk/gui/plugins/wato/utils/simple_modes.py
M cmk/gui/wato/pages/audit_log.py
M cmk/gui/wato/pages/bulk_discovery.py
M cmk/gui/wato/pages/bulk_edit.py
M cmk/gui/wato/pages/bulk_import.py
M cmk/gui/wato/pages/diagnostics.py
M cmk/gui/wato/pages/folders.py
M cmk/gui/wato/pages/global_settings.py
M cmk/gui/wato/pages/groups.py
M cmk/gui/wato/pages/host_diagnose.py
M cmk/gui/wato/pages/host_rename.py
M cmk/gui/wato/pages/icons.py
M cmk/gui/wato/pages/ldap.py
M cmk/gui/wato/pages/notifications.py
M cmk/gui/wato/pages/parentscan.py
M cmk/gui/wato/pages/read_only.py
M cmk/gui/wato/pages/roles.py
M cmk/gui/wato/pages/rulesets.py
M cmk/gui/wato/pages/search.py
M cmk/gui/wato/pages/sites.py
M cmk/gui/wato/pages/tags.py
M cmk/gui/wato/pages/timeperiods.py
M cmk/gui/wato/pages/user_migrate.py
M cmk/gui/wato/pages/users.py
M web/htdocs/js/modules/forms.ts
Log Message:
-----------
17090 SEC Fix Various CSRF Issues
This Werk adds previously missing CSRF-Token validation to various endpoints in WATO.
The lack of CSRF-Token validation could allow an attacker to perform actions on behalf of a user without their consent, by tricking the user into visiting or clicking on a malicious link.
This vulnerability was identified during a commissioned penetration test conducted by PS Positive Security GmbH.
*Affected Versions*:
* 2.3.0
* 2.2.0
* 2.1.0
* 2.0.0 (EOL)
*Vulnerability Management*:
We have rated the issue with a CVSS Score of 8.8 High with the following CVSS vector: `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H`
and assigned CVE `CVE-2024-28828`.
Change-Id: Ib12128b873b7d06140e48fb66147e7a2599dd6f9
Commit: 1daf1f2c116f786c03ac155006dff14ac96b8d9f
https://github.com/Checkmk/checkmk/commit/1daf1f2c116f786c03ac155006dff14ac…
Author: Solomon Jacobs <solomon.jacobs(a)checkmk.com>
Date: 2024-07-02 (Tue, 02 Jul 2024)
Changed paths:
A .werks/16431
M omd/packages/omd/omdlib/main.py
Log Message:
-----------
16431 FIX omd restore: Fix RuntimeError: Failed to determine site version
SUP-18672
Change-Id: Ic212139fd8e2e38c2dfbb70c9db68812870d22d5
Commit: 991ffeda722dc12d049c3dd7a667cb5ef08a8fc7
https://github.com/Checkmk/checkmk/commit/991ffeda722dc12d049c3dd7a667cb5ef…
Author: Sergey Kipnis <sergey.kipnis(a)checkmk.com>
Date: 2024-07-02 (Tue, 02 Jul 2024)
Changed paths:
A .werks/16845
M agents/wnx/src/common/wtools.cpp
M agents/wnx/src/engine/cfg.cpp
M agents/wnx/src/engine/cfg_details.h
M agents/wnx/src/engine/cma_core.cpp
M agents/wnx/src/engine/cma_core.h
M agents/wnx/watest/test-yaml.cpp
Log Message:
-----------
16845 SEC fix a privilege escalation vulnerability in the Checkmk Windows Agent
This Werk fixes a privilege escalation vulnerability in the Checkmk Windows
Agent.
Prior to this Werk, it was possible for authenticated users on the monitored
Windows host to execute commands as the administrator account that is used to run
the Agent, allowing them to elevate their privileges.
The reason for this issue was excessive write permissions on the
`ProgramData\checkmk\agent` directory.
Note that you must update Checkmk as well as the agent in order to apply this
fix.
This issue was found in a commissioned penetration test conducted by modzero
GmbH.
*Affected Versions*:
* 2.3.0
* 2.2.0
* 2.1.0
*Mitigations*:
If updating is not possible, you can manually remove write access for non-admin
users on the `ProgramData\checkmk\agent` folder.
To do this, navigate to the folder's property settings and make sure to verify
the special permissions and advanced permission settings in addition to the
basic permission settings.
*Vulnerability Management*:
We have rated the issue with a CVSS Score of 8.8 High (`CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H`)
and assigned `CVE-2024-28827`.
Change-Id: Ie739e73f15af032a3d2cdd0cfd20ea8bb97a761f
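For the manual mitigation in Werk 16845 (posted for both the 2.3.0 and 2.2.0 branches in this digest), an added example that is not part of the commit or of the Checkmk code base: a Python parser for the text output of `icacls` on the agent directory that lists ACEs granting write-type rights to principals outside a trusted set, including the specific rights that only appear under the special/advanced permission view. The sample output is constructed, and the trusted set and the rights counted as write access are assumptions to adapt to your environment (principal names are localized on non-English Windows).

```python
import re

# icacls right tokens that allow creating, changing, replacing or deleting
# content, or rewriting the ACL/owner (assumed definition of "write access").
# Simple rights: F, M, W, D. The others are specific rights, i.e. what the
# GUI shows under special/advanced permissions.
WRITE_RIGHTS = {"F", "M", "W", "D", "GA", "GW", "WD", "AD",
                "DC", "DE", "WDAC", "WO", "WEA", "WA"}
INHERIT_FLAGS = {"OI", "CI", "IO", "NP", "I"}
# Assumption: only these principals may hold write access (English names).
TRUSTED = {"builtin\\administrators", "nt authority\\system"}

# Constructed sample of `icacls "C:\ProgramData\checkmk\agent"` output.
SAMPLE_PATH = r"C:\ProgramData\checkmk\agent"
SAMPLE = r"""C:\ProgramData\checkmk\agent NT AUTHORITY\SYSTEM:(OI)(CI)(F)
                             BUILTIN\Administrators:(OI)(CI)(F)
                             BUILTIN\Users:(OI)(CI)(RX)
                             BUILTIN\Users:(CI)(WD,AD,WEA,WA)
                             NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(IO)(M)
                             BUILTIN\Users:(DENY)(DE)

Successfully processed 1 files; Failed processing 0 files
"""


def parse_icacls(output, path):
    """Turn icacls text output for one path into a list of ACE dicts."""
    aces = []
    for raw in output.splitlines():
        line = raw.strip()
        # The first ACE shares its line with the path; drop the path prefix.
        if line.lower().startswith(path.lower()):
            line = line[len(path):].strip()
        who, sep, rest = line.partition(":(")
        if not sep or not who:
            continue  # blank line or the "Successfully processed" summary
        groups = re.findall(r"\(([^)]*)\)", "(" + rest)
        rights = set()
        for group in groups:
            if group in INHERIT_FLAGS or group == "DENY":
                continue
            rights.update(token.strip() for token in group.split(","))
        aces.append({
            "principal": who,
            "deny": "DENY" in groups,
            "inherited": "I" in groups,      # ACE comes from a parent folder
            "inherit_only": "IO" in groups,  # applies to children only
            "rights": rights,
        })
    return aces


def risky_aces(output, path, trusted=TRUSTED):
    """Return (principal, write rights, inherited) for untrusted allow ACEs."""
    findings = []
    for ace in parse_icacls(output, path):
        if ace["deny"] or ace["principal"].lower() in trusted:
            continue
        hits = ace["rights"] & WRITE_RIGHTS
        if hits:
            findings.append((ace["principal"], sorted(hits), ace["inherited"]))
    return findings


if __name__ == "__main__":
    for principal, rights, inherited in risky_aces(SAMPLE, SAMPLE_PATH):
        origin = "inherited" if inherited else "explicit"
        print(f"{principal}: {','.join(rights)} ({origin})")
```

An ACE reported as inherited has to be removed on the parent folder or by disabling inheritance on the agent directory; editing the directory's own entries does not remove it.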
Commit: db4fb9cbcff2e657426db49c28e2c228e7d6646f
https://github.com/Checkmk/checkmk/commit/db4fb9cbcff2e657426db49c28e2c228e…
Author: Checkmk release system <feedback(a)checkmk.com>
Date: 2024-07-02 (Tue, 02 Jul 2024)
Changed paths:
M agents/check_mk_agent.aix
M agents/check_mk_agent.freebsd
M agents/check_mk_agent.hpux
M agents/check_mk_agent.linux
M agents/check_mk_agent.macosx
M agents/check_mk_agent.netbsd
M agents/check_mk_agent.openbsd
M agents/check_mk_agent.openvms
M agents/check_mk_agent.openwrt
M agents/check_mk_agent.solaris
M agents/plugins/apache_status.py
M agents/plugins/asmcmd.sh
M agents/plugins/db2_mem
M agents/plugins/dnsclient
M agents/plugins/hpux_lunstats
M agents/plugins/hpux_statgrab
M agents/plugins/ibm_mq
M agents/plugins/isc_dhcpd.py
M agents/plugins/jar_signature
M agents/plugins/kaspersky_av
M agents/plugins/lnx_container_host_if.linux
M agents/plugins/lnx_quota
M agents/plugins/lvm
M agents/plugins/mailman2_lists
M agents/plugins/mailman3_lists
M agents/plugins/mk_apt
M agents/plugins/mk_ceph
M agents/plugins/mk_cups_queues
M agents/plugins/mk_db2.aix
M agents/plugins/mk_db2.linux
M agents/plugins/mk_docker.py
M agents/plugins/mk_errpt.aix
M agents/plugins/mk_filehandler
M agents/plugins/mk_filestats.py
M agents/plugins/mk_haproxy.freebsd
M agents/plugins/mk_informix
M agents/plugins/mk_inotify.py
M agents/plugins/mk_inventory.aix
M agents/plugins/mk_inventory.linux
M agents/plugins/mk_inventory.solaris
M agents/plugins/mk_iptables
M agents/plugins/mk_jolokia.py
M agents/plugins/mk_logins
M agents/plugins/mk_logwatch.py
M agents/plugins/mk_mongodb.py
M agents/plugins/mk_mysql
M agents/plugins/mk_nfsiostat
M agents/plugins/mk_omreport
M agents/plugins/mk_oracle
M agents/plugins/mk_oracle_crs
M agents/plugins/mk_postgres.py
M agents/plugins/mk_redis
M agents/plugins/mk_sap.aix
M agents/plugins/mk_sap.py
M agents/plugins/mk_sap_hana
M agents/plugins/mk_saprouter
M agents/plugins/mk_scaleio
M agents/plugins/mk_site_object_counts
M agents/plugins/mk_sshd_config
M agents/plugins/mk_suseconnect
M agents/plugins/mk_tinkerforge.py
M agents/plugins/mk_tsm
M agents/plugins/mk_zypper
M agents/plugins/mtr.py
M agents/plugins/netstat.aix
M agents/plugins/netstat.linux
M agents/plugins/netstat.solaris
M agents/plugins/nfsexports
M agents/plugins/nfsexports.solaris
M agents/plugins/nginx_status.py
M agents/plugins/plesk_backups.py
M agents/plugins/plesk_domains.py
M agents/plugins/runas
M agents/plugins/smart
M agents/plugins/symantec_av
M agents/plugins/unitrends_backup
M agents/plugins/unitrends_replication.py
M agents/plugins/vxvm
M agents/plugins/zorp
M agents/windows/plugins/ad_replication.bat
M agents/windows/plugins/arcserve_backup.ps1
M agents/windows/plugins/citrix_farm.ps1
M agents/windows/plugins/citrix_licenses.vbs
M agents/windows/plugins/citrix_xenapp.ps1
M agents/windows/plugins/hyperv_vms.ps1
M agents/windows/plugins/hyperv_vms_guestinfos.ps1
M agents/windows/plugins/iis_app_pool_state.ps1
M agents/windows/plugins/kaspersky_av_client.vbs
M agents/windows/plugins/mcafee_av_client.bat
M agents/windows/plugins/megaraid.bat
M agents/windows/plugins/mk_dhcp_enabled.bat
M agents/windows/plugins/mk_inventory.vbs
M agents/windows/plugins/mk_msoffice.ps1
M agents/windows/plugins/mk_mysql.vbs
M agents/windows/plugins/mk_oracle.ps1
M agents/windows/plugins/msexch_dag.ps1
M agents/windows/plugins/msexch_database.ps1
M agents/windows/plugins/mssql.vbs
M agents/windows/plugins/netstat_an.bat
M agents/windows/plugins/nvidia_smi.ps1
M agents/windows/plugins/rds_licenses.vbs
M agents/windows/plugins/rstcli.bat
M agents/windows/plugins/sansymphony.ps1
M agents/windows/plugins/storcli.bat
M agents/windows/plugins/tsm_checks.bat
M agents/windows/plugins/veeam_backup_status.ps1
M agents/windows/plugins/win_dhcp_pools.bat
M agents/windows/plugins/win_dmidecode.bat
M agents/windows/plugins/win_license.bat
M agents/windows/plugins/win_printers.ps1
M agents/windows/plugins/windows_broadcom_bonding.bat
M agents/windows/plugins/windows_if.ps1
M agents/windows/plugins/windows_intel_bonding.bat
M agents/windows/plugins/windows_multipath.vbs
M agents/windows/plugins/windows_os_bonding.ps1
M agents/windows/plugins/windows_tasks.ps1
M agents/windows/plugins/windows_updates.vbs
M agents/windows/plugins/wmic_if.bat
M agents/wnx/src/common/wnx_version.h
M bin/livedump
M bin/mkbackup
M cmk/special_agents/agent_jolokia.py
M cmk/special_agents/agent_netapp.py
M cmk/special_agents/agent_splunk.py
M cmk/special_agents/agent_vsphere.py
M cmk/utils/version.py
M configure.ac
M defines.make
M docker_image/Dockerfile
M packages/cmk-agent-ctl/src/constants.rs
Log Message:
-----------
Set version to 2.2.0p30
Commit: 12eba85c9112773b9c4e977c09368ea27f180069
https://github.com/Checkmk/checkmk/commit/12eba85c9112773b9c4e977c09368ea27…
Author: Kenneth Okoh <kenneth.okoh(a)checkmk.com>
Date: 2024-07-02 (Tue, 02 Jul 2024)
Changed paths:
A .werks/16999
M cmk/base/core_nagios.py
M cmk/gui/mkeventd/icon.py
M cmk/gui/views/painter/v0/painters.py
M cmk/utils/escaping.py
M tests/unit/cmk/gui/plugins/views/test_painters.py
Log Message:
-----------
16999 FIX Service check command UI escaping
Previously instead of "!" the GUI displayed "\!" when rendering a service check command.
This is fixed to rendering unescaped service check commands to the GUI.
CMK-17241
Change-Id: I66b903ab2c35add145938e0c2bba50614496cc33
Commit: 1551cfeef6b3ff6356e7388c059ec0ac839df236
https://github.com/Checkmk/checkmk/commit/1551cfeef6b3ff6356e7388c059ec0ac8…
Author: Kenneth Okoh <kenneth.okoh(a)checkmk.com>
Date: 2024-07-02 (Tue, 02 Jul 2024)
Changed paths:
M .werks/16999
Log Message:
-----------
Werk #16999: fix version
Change-Id: Ibdc9f3a93f283c3d241a85f3f719f829a25ebff4
Commit: c9e762baf9b7bc6374feaa927e2454d2872c4abe
https://github.com/Checkmk/checkmk/commit/c9e762baf9b7bc6374feaa927e2454d28…
Author: Simon Jess <simon.jess(a)checkmk.com>
Date: 2024-07-02 (Tue, 02 Jul 2024)
Changed paths:
A .werks/16753
M cmk/gui/views/inventory/__init__.py
M cmk/gui/views/join_service_rows.py
Log Message:
-----------
16753 FIX HW/SW Inventory: Fix missing joined service columns if a service is assigned to a cluster
Change-Id: I75b0bd6141ba2f4b715b8c06f8aeb844df1641f3
Commit: 378067cdd4f087c1f6b42a14c4bc1b0a40df798f
https://github.com/Checkmk/checkmk/commit/378067cdd4f087c1f6b42a14c4bc1b0a4…
Author: Sofia Colakovic <sofia.colakovic(a)checkmk.com>
Date: 2024-07-02 (Tue, 02 Jul 2024)
Changed paths:
A .werks/16863
M cmk/special_agents/agent_proxmox_ve.py
M tests/unit/checks/test_agent_proxmox_ve.py
Log Message:
-----------
16863 FIX proxmox: Fix log parsing crash for Proxmox versions 3.2.4 and newer
The backup log format changed in Proxmox version 3.2.4 which resulted in a crash
in the Proxmox special agent.
The special agent can now handle both the old and the new format of backup log messages.
SUP-19222
Change-Id: I57c0108b20874b8d3fb5841f8827779ed1504d3a
Commit: fc36525c611e6f62b82e710598ca6aa2164f71dd
https://github.com/Checkmk/checkmk/commit/fc36525c611e6f62b82e710598ca6aa21…
Author: Checkmk release system <feedback(a)checkmk.com>
Date: 2024-07-02 (Tue, 02 Jul 2024)
Changed paths:
M tests/update/base_versions_current_branch.json
Log Message:
-----------
Include 2.2.0p29 in base-versions list for update-test
Compare: https://github.com/Checkmk/checkmk/compare/e3222a6bc5ff...fc36525c611e
Branch: refs/heads/2.1.0
Home: https://github.com/Checkmk/checkmk
Commit: 6fc4f3b341bae28d741edf172812ac204d2f78f5
https://github.com/Checkmk/checkmk/commit/6fc4f3b341bae28d741edf172812ac204…
Author: Maximilian Wirtz <maximilian.wirtz(a)checkmk.com>
Date: 2024-07-01 (Mon, 01 Jul 2024)
Changed paths:
A .werks/17010
M cmk/gui/valuespec.py
Log Message:
-----------
17010 SEC XSS in SQL check parameters
Prior to this Werk an attacker could add HTML to one parameter of the *Check SQL database* rule which was executed on the overview page.
We found this vulnerability internally.
**Affected Versions**:
* 2.3.0
* 2.2.0
* 2.1.0
* 2.0.0 (probably older versions as well)
**Indicators of Compromise**:
The creation of such rules is logged in the audit log. You can therefore check the `wato_audit.log` either on the terminal or in the UI for entries that contain malicious HTML.
**Vulnerability Management**:
We have rated the issue with a CVSS Score of 6.5 (Medium) with the following CVSS vector: `CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L`
We assigned CVE-2024-6052 to this vulnerability.
**Changes**:
This Werk fixes the escaping.
CMK-17809
Change-Id: I8cf2d8218f1d6bb449beb6947d879b8a114e081a
Commit: a6104a4a2d431870634becabd186b8e98460397e
https://github.com/Checkmk/checkmk/commit/a6104a4a2d431870634becabd186b8e98…
Author: Hannes Rantzsch <hannes.rantzsch(a)checkmk.com>
Date: 2024-07-02 (Tue, 02 Jul 2024)
Changed paths:
A .werks/17090
M cmk/gui/backup.py
M cmk/gui/key_mgmt.py
M cmk/gui/plugins/wato/bi_config.py
M cmk/gui/plugins/wato/utils/simple_modes.py
M cmk/gui/wato/mkeventd.py
M cmk/gui/wato/pages/audit_log.py
M cmk/gui/wato/pages/bulk_discovery.py
M cmk/gui/wato/pages/bulk_edit.py
M cmk/gui/wato/pages/bulk_import.py
M cmk/gui/wato/pages/diagnostics.py
M cmk/gui/wato/pages/folders.py
M cmk/gui/wato/pages/global_settings.py
M cmk/gui/wato/pages/groups.py
M cmk/gui/wato/pages/host_diagnose.py
M cmk/gui/wato/pages/host_rename.py
M cmk/gui/wato/pages/icons.py
M cmk/gui/wato/pages/ldap.py
M cmk/gui/wato/pages/notifications.py
M cmk/gui/wato/pages/parentscan.py
M cmk/gui/wato/pages/read_only.py
M cmk/gui/wato/pages/roles.py
M cmk/gui/wato/pages/rulesets.py
M cmk/gui/wato/pages/search.py
M cmk/gui/wato/pages/sites.py
M cmk/gui/wato/pages/tags.py
M cmk/gui/wato/pages/timeperiods.py
M cmk/gui/wato/pages/users.py
M web/htdocs/js/modules/forms.js
Log Message:
-----------
17090 SEC Fix Various CSRF Issues
This Werk adds previously missing CSRF-Token validation to various endpoints in WATO.
The lack of CSRF-Token validation could allow an attacker to perform actions on behalf of a user without their consent, by tricking the user into clicking on a malicious link.
This vulnerability was identified during a commissioned penetration test conducted by PS Positive Security GmbH.
*Affected Versions*:
* 2.3.0
* 2.2.0
* 2.1.0
* 2.0.0 (EOL)
*Vulnerability Management*:
We have rated the issue with a CVSS Score of 8.8 High with the following CVSS vector: `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H`
and assigned CVE `CVE-2024-28828`.
Change-Id: Ib12128b873b7d06140e48fb66147e7a2599dd6f9
Commit: 646362ad319de61d69c3ea40599616137456c4cc
https://github.com/Checkmk/checkmk/commit/646362ad319de61d69c3ea40599616137…
Author: Sergey Kipnis <sergey.kipnis(a)checkmk.com>
Date: 2024-07-02 (Tue, 02 Jul 2024)
Changed paths:
A .werks/16845
M agents/wnx/src/common/wtools.cpp
M agents/wnx/src/engine/cfg.cpp
M agents/wnx/src/engine/cfg_details.h
M agents/wnx/src/engine/cma_core.cpp
M agents/wnx/src/engine/cma_core.h
M agents/wnx/watest/test-yaml.cpp
Log Message:
-----------
16845 SEC fix a privilege escalation vulnerability in the Checkmk Windows Agent
This Werk fixes a privilege escalation vulnerability in the Checkmk Windows
Agent.
Prior to this Werk, it was possible for authenticated users on the monitored
Windows host to execute commands as the administrator account that is used to run
the Agent, allowing them to elevate their privileges.
The reason for this issue was excessive write permissions on the
`ProgramData\checkmk\agent` directory.
Note that you must update Checkmk as well as the agent in order to apply this
fix.
This issue was found in a commissioned penetration test conducted by modzero
GmbH.
*Affected Versions*:
* 2.3.0
* 2.2.0
* 2.1.0
*Mitigations*:
If updating is not possible, you can manually remove write access for non-admin
users on the `ProgramData\checkmk\agent` folder.
To do this, navigate to the folder's property settings and make sure to verify
the special permissions and advanced permission settings in addition to the
basic permission settings.
*Vulnerability Management*:
We have rated the issue with a CVSS Score of 8.8 High (`CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H`)
and assigned `CVE-2024-28827`.
Change-Id: Ib1209a61e89abaff520490a817a85f8840c94e45
Compare: https://github.com/Checkmk/checkmk/compare/41ea55fe138f...646362ad319d
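One way to run the audit-log check that Werk 17010 above describes, as an added example (not Checkmk code): a line-based scanner that flags `wato_audit.log` entries containing active HTML, including entity- or URL-encoded forms. The sample entries and their field layout are constructed assumptions; the scanner only inspects raw line text, so it does not depend on that layout.

```python
import html
import re
from urllib.parse import unquote

# Markup patterns that have no business in a rule parameter value.
INDICATORS = {
    "script-tag": re.compile(r"<\s*script\b", re.I),
    "event-handler": re.compile(r"<[^>]*\son\w+\s*=", re.I),
    "javascript-uri": re.compile(r"(?:href|src)\s*=\s*['\"]?\s*javascript:", re.I),
    "active-element": re.compile(r"<\s*(?:iframe|object|embed|svg|img|form)\b", re.I),
}


def normalise(line: str) -> str:
    """Undo URL- and entity-encoding (up to 3 rounds) so encoded markup is seen."""
    for _ in range(3):
        decoded = html.unescape(unquote(line))
        if decoded == line:
            break
        line = decoded
    return line


def scan_audit_log(lines):
    """Return (line_number, [indicator names], raw line) for each suspicious entry."""
    findings = []
    for number, raw in enumerate(lines, start=1):
        text = normalise(raw)
        hits = [name for name, rx in INDICATORS.items() if rx.search(text)]
        if hits:
            findings.append((number, hits, raw.rstrip("\n")))
    return findings


# Constructed sample entries; the field layout is an assumption, not the real log format.
SAMPLE_LOG = [
    "1719820000 - alice edit-rule Changed properties of rule in ruleset check_sql\n",
    "1719820100 - mallory new-rule Created rule, name: <img src=x onerror=alert(1)>\n",
    "1719820200 - mallory edit-rule Changed rule, name: &lt;script&gt;fetch('/x')&lt;/script&gt;\n",
    "1719820300 - bob edit-host Modified host <b>web01</b>\n",
    "1719820400 - mallory edit-rule Changed rule, name: %3Csvg%20onload%3Dalert(1)%3E\n",
]

if __name__ == "__main__":
    for number, hits, raw in scan_audit_log(SAMPLE_LOG):
        print(f"line {number}: {', '.join(hits)}: {raw}")
```

Any iterable of lines works as input, so an open file handle on the site's `wato_audit.log` can be passed directly to `scan_audit_log`.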