Branch: refs/heads/master
Home:
https://github.com/tribe29/checkmk
Commit: 527882210677c61d0b73a9e8ddc878a2571b1b78
https://github.com/tribe29/checkmk/commit/527882210677c61d0b73a9e8ddc878a25…
Author: Lars Michelsen <lm(a)tribe29.com>
Date: 2020-08-17 (Mon, 17 Aug 2020)
Changed paths:
M cmk/gui/valuespec.py
M cmk/utils/regex.py
Log Message:
-----------
Use central regex compilation and crentralize host regex
Change-Id: Idafd284d851830978ad83477ca9ddc5aa610fa80
Commit: da331bdf26f450c70b8498decf6438d412f4b021
https://github.com/tribe29/checkmk/commit/da331bdf26f450c70b8498decf6438d41…
Author: Lars Michelsen <lm(a)tribe29.com>
Date: 2020-08-17 (Mon, 17 Aug 2020)
Changed paths:
A .werks/11263
M cmk/base/data_sources/agent.py
M tests/unit/cmk/base/data_sources/test_agent.py
Log Message:
-----------
11263 SEC Fix piggyback path traversal
In previous versions it was possible to create files in the querying Checkmk
site by modifying or extending an agent on a monitored system.
So an attacker who gained rights on a monitored system to extend the agent
could create and modify files in the monitoring Checkmk site with certain
modifications of the agent. The creation or modification of files in the
Checkmk site was done with rights of the Checkmk site user.
This problem is now solved by a better validation of hostnames of piggybacked
hosts. With this change only these characters are allowed in Piggybacked
hostnames: <tt>0-9a-zA-Z_.-</tt>. These are exactly the same characters that
Checkmk normally allows when creating hostnames. A special feature of Piggyback
hostnames is that all illegal hostnames are replaced by "_".
This change means that Piggyback hosts created with now invalid characters will
have to be created differently after this change so that they can continue to
be monitored.
Change-Id: Ia2d63e9bde603361e2810fffde19587c3fcc68e5
Commit: ac598e5ca4f8dd74cdd9fa9edacd8d58ef9f88c3
https://github.com/tribe29/checkmk/commit/ac598e5ca4f8dd74cdd9fa9edacd8d58e…
Author: Lars Michelsen <lm(a)tribe29.com>
Date: 2020-08-17 (Mon, 17 Aug 2020)
Changed paths:
M cmk/gui/wato/mkeventd.py
Log Message:
-----------
EC global setting: Make page menu work
Change-Id: Ibcaf3906b21e6337157ab402fd64edbbcedb192d
Compare:
https://github.com/tribe29/checkmk/compare/33ac52797418...ac598e5ca4f8