Branch: refs/heads/2.0.0
Home:
https://github.com/Checkmk/checkmk
Commit: aa59306cd7e3eaae37d6a4367d5a44ecf5c18a05
https://github.com/Checkmk/checkmk/commit/aa59306cd7e3eaae37d6a4367d5a44ecf…
Author: Lars Michelsen <lm(a)tribe29.com>
Date: 2023-05-03 (Wed, 03 May 2023)
Changed paths:
M tests/unit/test_permissions.py
Log Message:
-----------
Ignore agents/plugins/*.checksum during permission test
Change-Id: Iab09529d6cb43ec5df8015dbffb17bd2804120da
Commit: 89085cb8c47c65071a1af9858e5e9ef45ae93209
https://github.com/Checkmk/checkmk/commit/89085cb8c47c65071a1af9858e5e9ef45…
Author: Hannes Rantzsch <hannes.rantzsch(a)tribe29.com>
Date: 2023-05-03 (Wed, 03 May 2023)
Changed paths:
A .werks/15189
M cmk/base/diagnostics.py
Log Message:
-----------
15189 SEC Don't log automation user credentials when generating performance graph diagnostics
Prior to this Werk, creating a Support Diagnostic report including the
option "Performance Graphs of Checkmk Server" caused the automation
secret of the user "automation" to be logged to the site Apache access
log file (var/log/apache/access_log). This affected both creating the
diagnostic report via the GUI (Setup > Maintenance > Support diagnostics)
and via the command line
(cmk --create-diagnostics-dump --performance-graphs).
With this Werk the credentials are no longer written to the log file.
Note that no automatic sanitization of the log file is attempted by
applying this patch.
This issue was discovered during internal review.
Affected Versions:
- 2.2.0 (beta)
- 2.1.0
- 2.0.0
Mitigations:
Users are advised to change the secret of the user "automation" via the
User Management UI.
If this is not an option for you, delete or manually sanitize the Apache
access log file and any backup of the file. Remove any line that
contains a POST to
<your site URL>/report.py?_username=automation&_secret=<...>.
Refrain from using the affected functionality before applying this patch
or manually sanitize the file afterwards.
Vulnerability Management:
We have rated the issue with a CVSS Score of 4.4 (Medium) with the
following CVSS vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N.
We have assigned CVE-2023-31207.
Change-Id: I5b903fb3c1d186219f7718acf3d6efa498e9f5cf
Compare:
https://github.com/Checkmk/checkmk/compare/c3a85dba3f64...89085cb8c47c
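The mitigation in the Werk above asks operators to remove or sanitize access_log lines that record a POST to report.py carrying `_username=automation&_secret=<...>`. The following is an added example, not Checkmk's own code: a small Python filter that finds such lines, counts them, and either redacts the `_secret` value or drops the line entirely, so the same check can be run over the live log and over any rotated or backed-up copies. The sample log lines and the secret values in them are constructed for the example; the parameter order is not assumed, since the query string may list `_secret` before `_username`.

```python
import re
import sys
from typing import Iterable, List, Tuple

# Constructed sample lines in Apache combined log format (not taken from any
# real site). Lines 2 and 3 show the pattern the advisory describes, with the
# query parameters in both orders; the secret values are placeholders.
SAMPLE_LOG = [
    '10.0.0.5 - - [03/May/2023:10:15:02 +0200] "GET /mysite/check_mk/index.py HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '127.0.0.1 - - [03/May/2023:10:15:07 +0200] "POST /mysite/check_mk/report.py?_username=automation&_secret=EXAMPLESECRET123 HTTP/1.1" 200 20480 "-" "python-requests/2.28"',
    '127.0.0.1 - - [03/May/2023:10:15:09 +0200] "POST /mysite/check_mk/report.py?_secret=OTHERSECRET&_username=automation HTTP/1.1" 200 20480 "-" "python-requests/2.28"',
    '10.0.0.7 - - [03/May/2023:10:16:00 +0200] "POST /mysite/check_mk/login.py HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
]

# The request path named in the advisory: report.py with a query string.
# The query is captured up to the next whitespace or quote.
REPORT_CALL = re.compile(r'/report\.py\?[^\s"]*')
# Automation user as a whole query parameter (not a prefix of a longer name).
AUTOMATION_USER = re.compile(r'[?&]_username=automation(?:&|$)')
# The secret parameter and its value; group 1 keeps the key for redaction.
SECRET_PARAM = re.compile(r'(_secret=)[^&\s"]*')


def is_credential_leak(line: str) -> bool:
    """True if the line records a report.py call that carries both
    _username=automation and a _secret parameter in the query string."""
    match = REPORT_CALL.search(line)
    if not match:
        return False
    query = match.group(0)
    return bool(AUTOMATION_USER.search(query)) and bool(SECRET_PARAM.search(query))


def redact_line(line: str) -> str:
    """Replace the value of every _secret parameter with a fixed marker,
    keeping the rest of the line as evidence that the request happened."""
    return SECRET_PARAM.sub(r'\g<1>REDACTED', line)


def sanitize_log(lines: Iterable[str], drop: bool = False) -> Tuple[List[str], int]:
    """Return the sanitized lines and the number of affected lines.

    drop=False redacts the secret in place (the default, so request timing
    and source address survive for review); drop=True removes the whole
    line, which is what the advisory's manual instruction does."""
    out: List[str] = []
    hits = 0
    for line in lines:
        if is_credential_leak(line):
            hits += 1
            if drop:
                continue
            line = redact_line(line)
        out.append(line)
    return out, hits


if __name__ == "__main__":
    # Usage: python sanitize_access_log.py /path/to/access_log [--drop]
    # Writes <path>.sanitized and reports how many lines were affected;
    # the original file is left untouched so the operator can compare
    # before swapping it in. Run it over rotated/backup copies as well.
    if len(sys.argv) < 2:
        sanitized, n = sanitize_log(SAMPLE_LOG)
        print(f"{n} affected line(s) in the constructed sample")
        for s in sanitized:
            print(s)
    else:
        path = sys.argv[1]
        drop = "--drop" in sys.argv[2:]
        with open(path, encoding="utf-8", errors="replace") as fh:
            sanitized, n = sanitize_log(line.rstrip("\n") for line in fh)
        with open(path + ".sanitized", "w", encoding="utf-8") as fh:
            fh.write("\n".join(sanitized) + ("\n" if sanitized else ""))
        print(f"{n} affected line(s); output written to {path}.sanitized")
```

The count returned by `sanitize_log` doubles as a quick check of whether the affected functionality was used at all on a site: zero hits on the live log and on every rotated copy means nothing needs rewriting, while any non-zero count is a reason to rotate the automation secret as the Werk recommends, regardless of whether the log is cleaned.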