Branch: refs/heads/2.0.0
Home: https://github.com/Checkmk/checkmk
Commit: 19ac904538369aa350ab5b99b5f0d25cea6967d2
https://github.com/Checkmk/checkmk/commit/19ac904538369aa350ab5b99b5f0d25ce…
Author: Hannes Rantzsch <hannes.rantzsch(a)checkmk.com>
Date: 2023-08-08 (Tue, 08 Aug 2023)
Changed paths:
A .werks/15193
M omd/packages/omd/omdlib/backup.py
Log Message:
-----------
15193 Exclude agent bakery file cache from omd backups
Temporary files created by the agent bakery when baking agents are now no longer included
in backups.
These files needlessly took up space in the backups, although they are not needed.
Specifically, this affects files in the directory
<tt>var/check_mk/agents/.files_cache</tt>.
Baked agents are still included in backups.
Change-Id: I2cbf6cb5439a4ff9dda23ab0c25e94f864b7f377
Commit: 4aae0bb949921bcf819b62a488da369f1d072a00
https://github.com/Checkmk/checkmk/commit/4aae0bb949921bcf819b62a488da369f1…
Author: Hannes Rantzsch <hannes.rantzsch(a)checkmk.com>
Date: 2023-08-08 (Tue, 08 Aug 2023)
Changed paths:
A .werks/15194
M cmk/base/core_config.py
M tests/unit/cmk/base/test_core_config.py
Log Message:
-----------
15194 SEC Fix command injection via RestAPI / Password Store
Prior to this Werk, users with the permissions to (a) use the RestAPI, (b) create
passwords in the password store, and (c) create active checks were able to run arbitrary
commands on the site.
This issue was found during internal code review.
<b>Affected Versions</b>:
LI: 2.0.0
LI: 2.1.0
LI: 2.2.0 prior to version 2.2.0p4
Note that at the point of publishing this Werk and fix, the current version 2.2.0 was
already not affected by this issue anymore, as the issue was already mitigated by Werk
#15889.
<b>Indicators of Compromise</b>:
Check the password store for passwords with unusual identifiers, review add-password
events in the audit log.
<b>Vulnerability Management</b>:
We have rated the issue with a CVSS Score of 8.8 (High) with the following CVSS vector:
<tt>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</tt>.
We have assigned CVE <tt>CVE-2023-31209</tt>.
<b>Changes</b>:
This Werk adds proper sanitization of the affected parameter on core commands.
CMK-14149
Change-Id: Id7087d6d57e6fc62f01dff8543737f880740e676
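
Added example, not part of the commit above and not Checkmk code: a defender-side check for the Werk's "unusual identifiers" indicator, plus a demonstration of why an identifier placed into a core command line must be quoted. The allow-list pattern, the option name `--store-ref`, the plugin name `check_example` and the sample identifiers are assumptions made for illustration.

```python
import re
import shlex

# Assumption: a conservative allow-list for "usual" identifiers. The Werk does
# not define one; tune it to the naming scheme used on your site.
USUAL_IDENT = re.compile(r"[A-Za-z0-9_-]{1,64}")

# Constructed sample identifiers, not taken from any real site.
SAMPLE_IDENTS = ["ldap_bind", "backup-2023", "pw one;two", "name with space", ""]


def unusual_identifiers(idents):
    """Return the identifiers that fall outside the allow-list, for manual review."""
    return [i for i in idents if not USUAL_IDENT.fullmatch(i)]


def core_command(plugin, ident, quote=True):
    """Build a command line that references a stored password by identifier.

    '--store-ref' is a hypothetical option name used only for this example.
    With quote=False the identifier is pasted in verbatim (the unsafe form).
    """
    ref = "--store-ref=" + ident
    return plugin + " " + (shlex.quote(ref) if quote else ref)


def argv_of(command_line):
    """Split a command line into words the way a POSIX shell would.

    shlex.split only models word splitting and quoting, not operators such
    as ';', so it shows where argument boundaries move and nothing more.
    """
    return shlex.split(command_line)


if __name__ == "__main__":
    for ident in unusual_identifiers(SAMPLE_IDENTS):
        print("review:", repr(ident))
    # Unquoted: the identifier leaks out of its argument (3 words instead of 2).
    print(argv_of(core_command("check_example", "pw one;two", quote=False)))
    # Quoted: the identifier stays inside a single argument.
    print(argv_of(core_command("check_example", "pw one;two")))
```
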
Commit: 48b3e1541e9928fb87d5f520bf79b01d1f692205
https://github.com/Checkmk/checkmk/commit/48b3e1541e9928fb87d5f520bf79b01d1…
Author: Checkmk release system <feedback(a)checkmk.com>
Date: 2023-08-09 (Wed, 09 Aug 2023)
Changed paths:
M agents/check_mk_agent.aix
M agents/check_mk_agent.freebsd
M agents/check_mk_agent.hpux
M agents/check_mk_agent.linux
M agents/check_mk_agent.macosx
M agents/check_mk_agent.netbsd
M agents/check_mk_agent.openbsd
M agents/check_mk_agent.openvms
M agents/check_mk_agent.openwrt
M agents/check_mk_agent.solaris
M agents/plugins/apache_status.py
M agents/plugins/asmcmd.sh
M agents/plugins/db2_mem
M agents/plugins/dnsclient
M agents/plugins/hpux_lunstats
M agents/plugins/hpux_statgrab
M agents/plugins/ibm_mq
M agents/plugins/isc_dhcpd.py
M agents/plugins/jar_signature
M agents/plugins/kaspersky_av
M agents/plugins/lnx_quota
M agents/plugins/lvm
M agents/plugins/mailman_lists
M agents/plugins/mk_apt
M agents/plugins/mk_ceph
M agents/plugins/mk_cups_queues
M agents/plugins/mk_db2.aix
M agents/plugins/mk_db2.linux
M agents/plugins/mk_docker.py
M agents/plugins/mk_errpt.aix
M agents/plugins/mk_filehandler
M agents/plugins/mk_filestats.py
M agents/plugins/mk_haproxy.freebsd
M agents/plugins/mk_informix
M agents/plugins/mk_inotify.py
M agents/plugins/mk_inventory.aix
M agents/plugins/mk_inventory.linux
M agents/plugins/mk_inventory.solaris
M agents/plugins/mk_iptables
M agents/plugins/mk_jolokia.py
M agents/plugins/mk_logins
M agents/plugins/mk_logwatch.py
M agents/plugins/mk_mongodb.py
M agents/plugins/mk_mysql
M agents/plugins/mk_nfsiostat
M agents/plugins/mk_omreport
M agents/plugins/mk_oracle
M agents/plugins/mk_oracle_crs
M agents/plugins/mk_postgres.py
M agents/plugins/mk_redis
M agents/plugins/mk_sap.aix
M agents/plugins/mk_sap.py
M agents/plugins/mk_sap_hana
M agents/plugins/mk_saprouter
M agents/plugins/mk_scaleio
M agents/plugins/mk_site_object_counts
M agents/plugins/mk_sshd_config
M agents/plugins/mk_suseconnect
M agents/plugins/mk_tinkerforge.py
M agents/plugins/mk_tsm
M agents/plugins/mk_zypper
M agents/plugins/mtr.py
M agents/plugins/netstat.aix
M agents/plugins/netstat.linux
M agents/plugins/netstat.solaris
M agents/plugins/nfsexports
M agents/plugins/nfsexports.solaris
M agents/plugins/nginx_status.py
M agents/plugins/plesk_backups.py
M agents/plugins/plesk_domains.py
M agents/plugins/runas
M agents/plugins/smart
M agents/plugins/symantec_av
M agents/plugins/unitrends_replication.py
M agents/plugins/vxvm
M agents/plugins/websphere_mq
M agents/windows/plugins/ad_replication.bat
M agents/windows/plugins/arcserve_backup.ps1
M agents/windows/plugins/citrix_farm.ps1
M agents/windows/plugins/citrix_licenses.vbs
M agents/windows/plugins/citrix_xenapp.ps1
M agents/windows/plugins/hyperv_vms.ps1
M agents/windows/plugins/hyperv_vms_guestinfos.ps1
M agents/windows/plugins/iis_app_pool_state.ps1
M agents/windows/plugins/kaspersky_av_client.vbs
M agents/windows/plugins/mcafee_av_client.bat
M agents/windows/plugins/megaraid.bat
M agents/windows/plugins/mk_dhcp_enabled.bat
M agents/windows/plugins/mk_inventory.vbs
M agents/windows/plugins/mk_msoffice.ps1
M agents/windows/plugins/mk_mysql.vbs
M agents/windows/plugins/mk_oracle.ps1
M agents/windows/plugins/msexch_dag.ps1
M agents/windows/plugins/msexch_database.ps1
M agents/windows/plugins/mssql.vbs
M agents/windows/plugins/netstat_an.bat
M agents/windows/plugins/rds_licenses.vbs
M agents/windows/plugins/rstcli.bat
M agents/windows/plugins/sansymphony.ps1
M agents/windows/plugins/storcli.bat
M agents/windows/plugins/tsm_checks.bat
M agents/windows/plugins/veeam_backup_status.ps1
M agents/windows/plugins/win_dhcp_pools.bat
M agents/windows/plugins/win_dmidecode.bat
M agents/windows/plugins/win_license.bat
M agents/windows/plugins/win_printers.ps1
M agents/windows/plugins/windows_broadcom_bonding.bat
M agents/windows/plugins/windows_if.ps1
M agents/windows/plugins/windows_intel_bonding.bat
M agents/windows/plugins/windows_multipath.vbs
M agents/windows/plugins/windows_os_bonding.ps1
M agents/windows/plugins/windows_tasks.ps1
M agents/windows/plugins/windows_updates.vbs
M agents/windows/plugins/wmic_if.bat
M agents/wnx/src/common/wnx_version.h
M bin/livedump
M bin/mkbackup
M bin/mkbench
M cmk/utils/version.py
M configure.ac
M defines.make
M docker/Dockerfile
Log Message:
-----------
Set version to 2.0.0p39
Compare:
https://github.com/Checkmk/checkmk/compare/1bac184279d1...48b3e1541e99