[checkmk-commits] [tribe29/checkmk] a17d70: 14873 SEC Windows agent's ProgramData directory is...

Branch: refs/heads/2.0.0 Home: https://github.com/tribe29/checkmk Commit: a17d701c259fbe77f4e7cc0f549baa0773db06d9 https://github.com/tribe29/checkmk/commit/a17d701c259fbe77f4e7cc0f549baa077… Author: Sergey Kipnis <sergey.kipnis(a)tribe29.com> Date: 2022-10-17 (Mon, 17 Oct 2022) Changed paths: A .werks/14873 M agents/wnx/src/engine/cma_core.cpp Log Message: ----------- 14873 SEC Windows agent's ProgramData directory is accessible only with admins permissions Previous to this Werk every authenticated Windows user could read some (uncritical) data from the Windows agent. This was convenient to most users since one did not need to elevate privileges. To prevent issues with sensitive data being accidentially written to logs we restrict the permission to read data of the Windows agent. To our knowledge it was not possible to exploit this in any way. We calculated the following CVSS score for this 0.0 (None): CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N Change-Id: I0a25b8d7c1a675f305f7da1c5298cac8f20791cf