Branch: refs/heads/master
Home: https://github.com/Checkmk/checkmk
Commit: f129d14c745596e5bf975edc4ff6778196c54596
https://github.com/Checkmk/checkmk/commit/f129d14c745596e5bf975edc4ff677819…
Author: Max Linke <max.linke(a)checkmk.com>
Date: 2024-08-26 (Mon, 26 Aug 2024)
Changed paths:
M cmk/gui/openapi/restful_objects/type_defs.py
M scripts/create_test_idp_cse.sh
Log Message:
-----------
Add internal onboarding endpoint
For the CSE we use a separate onboarding guide. The guide is loaded per
checkmk instance and shown on the first login. Here we want to allow us
to load the secret for an automation user.
The exact user has to be configured. This will be done during setup of
the site in the saas platform. We are creating a user with minimal
permissions. Here for testing we use the automation user.
Change-Id: I7095a73229b76c2d800a5bc58a8b9f09cf90a54f
JIRA-Ref: SAASDEV-2253
To unsubscribe from these emails, change your notification settings at https://github.com/Checkmk/checkmk/settings/notifications
Branch: refs/heads/master
Home: https://github.com/Checkmk/checkmk
Commit: 9fa035ed8582091470907bb08fef5437591b1826
https://github.com/Checkmk/checkmk/commit/9fa035ed8582091470907bb08fef54375…
Author: Mehrdad Shahidi <mohammadmehrdad.shahidi(a)checkmk.com>
Date: 2024-08-26 (Mon, 26 Aug 2024)
Changed paths:
A .werks/17026.md
Log Message:
-----------
17026 SEC Fix XSS in view page with SLA column
Prior to this werk, the SLA (Service Level Agreement) titles were being rendered as HTML in the view page without proper escaping, leading to a potential XSS vulnerability.
**Affected Versions**:
* 2.3.0
* 2.2.0
* 2.1.0
* 2.0.0 (EOL)
**Indicators of Compromise**:
Cloning the view page of untrusted users who have injected HTML into the SLA titles.
**Vulnerability Management**:
We have rated the issue with a CVSS score of 4.8 (medium) with the following CVSS vector: `CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N`, and assigned `CVE-2024-38859`.
Change-Id: If1a560f4e6bbf5f52d9363a636e316653e134a58
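The werk above describes the defect only in prose: an SLA title stored by a user with edit rights was interpolated into the view page as raw HTML. The following is an added illustration, not Checkmk's own code and not the actual patch: it shows the unescaped "before" rendering beside an escaped "after" rendering using the Python standard library, plus a small sweep that flags stored SLA titles containing markup, which is the indicator of compromise the werk names. The sample titles, the cell markup and the function names are constructed for this example.

```python
import html
import re

# Constructed sample SLA titles (not real Checkmk data). The second one is
# the kind of payload a low-privileged user could store as an SLA title;
# the third is harmless-looking but still contains tags.
SAMPLE_SLA_TITLES = [
    "Database availability (99.9%)",
    '<img src=x onerror="alert(document.cookie)">',
    "Web tier <b>gold</b>",
]


def render_sla_cell_vulnerable(title: str) -> str:
    """'Before' behaviour: the title is spliced into the markup unescaped.

    Whoever later opens (or clones) a view with this column executes the
    stored payload in their own session.
    """
    return f'<td class="sla">{title}</td>'


def render_sla_cell_fixed(title: str) -> str:
    """'After' behaviour: escape &, <, >, double and single quotes first.

    html.escape(quote=True) covers attribute context as well, so the same
    helper is safe whether the title lands in text or in an attribute value.
    """
    return f'<td class="sla">{html.escape(title, quote=True)}</td>'


# Matches the start of an HTML tag or comment ("<b", "</b", "<!--").
_TAG_RE = re.compile(r"<\s*/?\s*[a-zA-Z!]")


def find_suspicious_sla_titles(titles):
    """Return the stored titles that contain markup-like content.

    Intended as a quick IoC sweep over exported SLA definitions after
    upgrading: anything returned here was injected by someone with edit
    rights and deserves a look at who created it and when.
    """
    return [t for t in titles if _TAG_RE.search(t) or "&#" in t]


if __name__ == "__main__":
    for title in SAMPLE_SLA_TITLES:
        print("vulnerable:", render_sla_cell_vulnerable(title))
        print("fixed:     ", render_sla_cell_fixed(title))
    print("suspicious:", find_suspicious_sla_titles(SAMPLE_SLA_TITLES))
```

Escaping at the point of output is the fix; rejecting angle brackets on input would also break legitimate titles such as "latency < 200 ms" and would not clean up titles that are already stored, which is why the sweep over existing definitions is worth running once after the upgrade.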
Branch: refs/heads/2.3.0
Home: https://github.com/Checkmk/checkmk
Commit: 8ca7898d84451646596b6c9c6da80f019c5554d0
https://github.com/Checkmk/checkmk/commit/8ca7898d84451646596b6c9c6da80f019…
Author: Mehrdad Shahidi <mohammadmehrdad.shahidi(a)checkmk.com>
Date: 2024-08-26 (Mon, 26 Aug 2024)
Changed paths:
A .werks/17026.md
Log Message:
-----------
17026 SEC Fix XSS in view page with SLA column
Prior to this werk, the SLA (Service Level Agreement) titles were being rendered as HTML in the view page without proper escaping, leading to a potential XSS vulnerability.
**Affected Versions**:
* 2.3.0
* 2.2.0
* 2.1.0
* 2.0.0 (EOL)
**Indicators of Compromise**:
Cloning the view page of untrusted users who have injected HTML into the SLA titles.
**Vulnerability Management**:
We have rated the issue with a CVSS score of 4.8 (medium) with the following CVSS vector: `CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N`, and assigned `CVE-2024-38859`.
Change-Id: If1a560f4e6bbf5f52d9363a636e316653e134a58
Branch: refs/heads/2.1.0
Home: https://github.com/Checkmk/checkmk
Commit: 1d8ba09e0b00c5d9d31e25bba48269ab281047ec
https://github.com/Checkmk/checkmk/commit/1d8ba09e0b00c5d9d31e25bba48269ab2…
Author: Mehrdad Shahidi <mohammadmehrdad.shahidi(a)checkmk.com>
Date: 2024-08-26 (Mon, 26 Aug 2024)
Changed paths:
A .werks/17026
Log Message:
-----------
17026 SEC Fix XSS in view page with SLA column
Prior to this werk, the SLA (Service Level Agreement) titles were being rendered as HTML in the view page without proper escaping, leading to a potential XSS vulnerability.
**Affected Versions**:
* 2.3.0
* 2.2.0
* 2.1.0
* 2.0.0 (EOL)
**Indicators of Compromise**:
Cloning the view page of untrusted users who have injected HTML into the SLA titles.
**Vulnerability Management**:
We have rated the issue with a CVSS score of 4.8 (medium) with the following CVSS vector: `CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N`, and assigned `CVE-2024-38859`.
Change-Id: If1a560f4e6bbf5f52d9363a636e316653e134a58
Branch: refs/heads/2.2.0
Home: https://github.com/Checkmk/checkmk
Commit: 0001d42e26c6845ebcc02284986c057f6a688372
https://github.com/Checkmk/checkmk/commit/0001d42e26c6845ebcc02284986c057f6…
Author: Mehrdad Shahidi <mohammadmehrdad.shahidi(a)checkmk.com>
Date: 2024-08-26 (Mon, 26 Aug 2024)
Changed paths:
A .werks/17026
Log Message:
-----------
17026 SEC Fix XSS in view page with SLA column
Prior to this werk, the SLA (Service Level Agreement) titles were being rendered as HTML in the view page without proper escaping, leading to a potential XSS vulnerability.
**Affected Versions**:
* 2.3.0
* 2.2.0
* 2.1.0
* 2.0.0 (EOL)
**Indicators of Compromise**:
Cloning the view page of untrusted users who have injected HTML into the SLA titles.
**Vulnerability Management**:
We have rated the issue with a CVSS score of 4.8 (medium) with the following CVSS vector: `CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N`, and assigned `CVE-2024-38859`.
Change-Id: If1a560f4e6bbf5f52d9363a636e316653e134a58