Branch: refs/heads/master
Home:
https://github.com/tribe29/checkmk
Commit: 2a384409a17c33422964f9d61327aaf49da069e7
https://github.com/tribe29/checkmk/commit/2a384409a17c33422964f9d61327aaf49…
Author: Hannes Rantzsch <hannes.rantzsch(a)tribe29.com>
Date: 2022-09-01 (Thu, 01 Sep 2022)
Changed paths:
A .werks/14385
M agent-receiver/agent_receiver/checkmk_rest_api.py
M agent-receiver/agent_receiver/models.py
M tests/unit/agent_receiver/test_endpoints.py
Log Message:
-----------
14385 SEC Fix limited SSRF in agent-receiver API
Prior to this Werk attackers could use the host registration API for
Server Side Request Forgery.
An attacker would have been able to make the Checkmk server issue local
requests to endpoints that should only be accessible from localhost. In
order to exploit this vulnerability attackers would have needed the
privileges to register hosts. This vulnerability was caused by
insufficient sanitization of the hostname of the host to be registered.
We thank Stefan Schiller (SonarSource) for reporting this issue.
Affected Versions: 2.1
Mitigations: The affected API can be disabled using omd stop
agent-receiver. Note however, that this makes it impossible to register
new hosts.
Vulnerability Management: We have rated the issue with a CVSS Score of
5.0 (Medium) with the following CVSS vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N.
A CVE has been requested.
Changes: This Werk adds validation for the hostname and ensures
hostnames are escaped in requests to the REST API.
CMK-11202
Change-Id: I230f72edf67eb0eb3451984a3415daa888af1f60