[checkmk-commits] [Checkmk/checkmk] 6fc4f3: 17010 SEC XSS in SQL check parameters

Branch: refs/heads/2.1.0 Home: https://github.com/Checkmk/checkmk Commit: 6fc4f3b341bae28d741edf172812ac204d2f78f5 https://github.com/Checkmk/checkmk/commit/6fc4f3b341bae28d741edf172812ac204… Author: Maximilian Wirtz <maximilian.wirtz(a)checkmk.com> Date: 2024-07-01 (Mon, 01 Jul 2024) Changed paths: A .werks/17010 M cmk/gui/valuespec.py Log Message: ----------- 17010 SEC XSS in SQL check parameters Prior to this Werk an attacher could add HTML to one parameter of the *Check SQL database* rule which was executed on the overview page. We found this vulnerability internally. **Affected Versions**: LI: 2.3.0 LI: 2.2.0 LI: 2.1.0 LI: 2.0.0 (probably older versions as well) **Indicators of Compromis**: The creation of such rules is logged in the audit log. You can therefore check the `wato_audit.log` either on the terminal or in the UI for entries that contain malicious HTML. **Vulnerability Management**: We have rated the issue with a CVSS Score of 6.5 (Medium) with the following CVSS vector: `CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L` We assigned CVE-2024-6052 to this vulnerability. **Changes**: This Werk fixes the escaping. CMK-17809 Change-Id: I8cf2d8218f1d6bb449beb6947d879b8a114e081a Commit: a6104a4a2d431870634becabd186b8e98460397e https://github.com/Checkmk/checkmk/commit/a6104a4a2d431870634becabd186b8e98… Author: Hannes Rantzsch <hannes.rantzsch(a)checkmk.com> Date: 2024-07-02 (Tue, 02 Jul 2024) Changed paths: A .werks/17090 M cmk/gui/backup.py M cmk/gui/key_mgmt.py M cmk/gui/plugins/wato/bi_config.py M cmk/gui/plugins/wato/utils/simple_modes.py M cmk/gui/wato/mkeventd.py M cmk/gui/wato/pages/audit_log.py M cmk/gui/wato/pages/bulk_discovery.py M cmk/gui/wato/pages/bulk_edit.py M cmk/gui/wato/pages/bulk_import.py M cmk/gui/wato/pages/diagnostics.py M cmk/gui/wato/pages/folders.py M cmk/gui/wato/pages/global_settings.py M cmk/gui/wato/pages/groups.py M cmk/gui/wato/pages/host_diagnose.py M cmk/gui/wato/pages/host_rename.py M cmk/gui/wato/pages/icons.py M cmk/gui/wato/pages/ldap.py M cmk/gui/wato/pages/notifications.py M cmk/gui/wato/pages/parentscan.py M cmk/gui/wato/pages/read_only.py M cmk/gui/wato/pages/roles.py M cmk/gui/wato/pages/rulesets.py M cmk/gui/wato/pages/search.py M cmk/gui/wato/pages/sites.py M cmk/gui/wato/pages/tags.py M cmk/gui/wato/pages/timeperiods.py M cmk/gui/wato/pages/users.py M web/htdocs/js/modules/forms.js Log Message: ----------- 17090 SEC Fix Various CSRF Issues This Werk adds priviously missing CSRF-Token validation to various endpoints in WATO. The lack of CSRF-Token validation could allow an attacker to perform actions on behalf of a user without their consent, by tricking the user into visiting clicking on a malicious link. This vulnerability was identified during a commissioned penetration test conducted by PS Positive Security GmbH. *Affected Versions*: * 2.3.0 * 2.2.0 * 2.1.0 * 2.0.0 (EOL) *Vulnerability Management*: We have rated the issue with a CVSS Score of 8.8 High with the following CVSS vector: `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H`. and assigned CVE `CVE-2024-28828`. Change-Id: Ib12128b873b7d06140e48fb66147e7a2599dd6f9 Commit: 646362ad319de61d69c3ea40599616137456c4cc https://github.com/Checkmk/checkmk/commit/646362ad319de61d69c3ea40599616137… Author: Sergey Kipnis <sergey.kipnis(a)checkmk.com> Date: 2024-07-02 (Tue, 02 Jul 2024) Changed paths: A .werks/16845 M agents/wnx/src/common/wtools.cpp M agents/wnx/src/engine/cfg.cpp M agents/wnx/src/engine/cfg_details.h M agents/wnx/src/engine/cma_core.cpp M agents/wnx/src/engine/cma_core.h M agents/wnx/watest/test-yaml.cpp Log Message: ----------- 16845 SEC fix a privilege escalation vulnerability in the Checkmk Windows Agent This Werk fixes a privilege escalation vulnerability in the Checkmk Windows Agent. Prior to this Werk, it was possible for authenticated users on the monitored Windows host to execute commands as administrator account that is used to run the Agent, allowing them to elevate their privileges. The reason for this issue were excessive write permissions on the `ProgramData\checkmk\agent` directory. Note that you must update Checkmk as well as the agent in order to apply this fix. This issue was found in a commissioned penetration test conducted by modzero GmbH. *Affected Versions*: * 2.3.0 * 2.2.0 * 2.1.0 *Mitigations*: If updating is not possible, you can manually remove write access for non-admin users on the `ProgramData\checkmk\agent` folder. To do this, navigate to the folder's property settings and make sure to verify the special permissions and advanced permission settings in addition to the basic permission settings. *Vulnerability Management*: We have rated the issue with a CVSS Score of 8.8 High (`CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H`) and assigned `CVE-2024-28827`. Change-Id: Ib1209a61e89abaff520490a817a85f8840c94e45 Compare: https://github.com/Checkmk/checkmk/compare/41ea55fe138f...646362ad319d To unsubscribe from these emails, change your notification settings at https://github.com/Checkmk/checkmk/settings/notifications